Good Morning,
I was wondering how everyone is handling chrome/edge vulnerabilities? I feel that the vulnerabilities page is constantly getting flooded with them as it seems each week they are coming out with a new release to fix security flaws. I don’t want to ignore them, but what do you all do to cut back the real estate that these vulnerabilities can take up on the nexpose/InsightVM vulnerability screen?
If you are talking about the IVM Vulnerabilities page, there is a filter button. In the drop down menu, you can do something like
“Vulnerability Title” does not contain “Chrome” “Edge” etc.
It is certainly not the best solution (as Chrome drops updates virtually every 10 days or so), but it works if you need a quick glance at the overall posture without including those vulns specifically.
Great, thanks. I’ll check that out!
They have their own vulnerability category ‘Browsers’ in IVM.
Webbrowsers are a high risk category application, users rely on them and use them daily to access online content on the internet.
So when they visit a website that exploits any of those reported unremediated vulnerabilities, this may lead to compromise.
So make sure you have additional configured and managed security controls in place too, like EDR, webproxy etc.
Enforcing browser updates through policies should reduce the amount of vulnerable assets quickly.
Also consider creating a separate dashboard / report and/or remediation project for browser category vulnerabilities to monitor.
Thanks for the response and additional insight. I definitely don’t wish for these vulnerabilities to remain out of sight as they are high risk as you stated. We are automatically applying updates for our browsers as those updates become available.
I’m doing weekly scans of all my sites and due to how frequent new vulnerabilities pop up that’s where the issue lies with the browsers. By the time the following week of scans hit each site there is already a string of new vulnerabilities that results in my dashboard being flooded.
I may just do a separate dashboard as you suggested. That is a great idea. Thanks again!