Where is Chrome 89.0.4389.72 to fix the serious 0-day vulnerability?

There's a pretty serious 0-day affecting Google Chrome and it's made some news sites, here's one example: https://www.bleepingcomputer.com/news/security/google-fixes-second-actively-exploited-chrome-zero-day-bug-this-year/

I can't believe something so serious is not in patch manager?  How can I get it to show up in patch manager?

  • Has anyone successfully migrated from SolarWinds patch manager to PDQDeploy?  We are thinking of going that route since the hack and eh hem.... lack of attention to these updates and this post.

  • Patch manager supports rolling your own patches, I dare say that if you aren't doing so then you probably aren't utilizing PM anywhere near it's capabilities.  It's nice that SW is able to provide a patch catalog for users, but waiting for them to get around to it would never be the best course of action on a major 0 day. Acting like you are crippled without them doing the leg work is kind of meh.  If you haven't created a package it might take maybe an hour or two to learn how to do one on your own, but if you have learned how to use the tool ahead of time they only take a few minutes to build.

    https://documentation.solarwinds.com/en/Success_Center/patchman/Content/SPMAG_CreatingSoftwarePackages.htm

  • You know, if we didn't pay SolarWinds for this service, I'd totally agree with you. What you're saying is that, if we go to a restaurant and they don't deliver our food in time, we have every right to go home and make our own food even though we paid for restaurant service. Quit acting like a martyr and understand that we purchased a product with the expectation of delivery.

  • @kjstech

    We have had issues recently due to unforeseen issues(Texas Freeze and power issue, December 13th nightmare, and changes in our security posture) 

    Did you put a support ticket in? We are more than willing to help out if you put a ticket in.   We do take time to test the packages before releasing and this one was released in our catalog last Thursday(03/04/2021).  

    We believe we have the delay resolved and we should go back to the prior release timing.  

    Just understand testing takes time and we want to make sure it works prior to release. 

    Thanks,

    Chris

  • We can test the packages thats no problem.  If you just put them in there I can approve just to a small test group.  Does that help take some of the burden off your team?  Its not a problem working together on this.  Maybe not all companies have the time to test (they really should but I get it...) so maybe a checkbox in a future version like [ ] show bleeding edge and untested, experimental packages for third party software.  Check it and pop up a warning how they are un-tested and its highly recommended to only deploy to a small test group before organziation wide.  If you can get through that prompt then show them the meat and potatoes!

    I forgot your in TX.  Most of the companies we work with are on the west coast.  Also the December 13th thing was outdone.  Microsoft came by and said, "Here, hold my beer!".  Thankfully we patched Exchange the day they released it and have not seen any evidence of being hit with that vulnerability.

  • I appreciate the suggestion and the willingness to help! That is awesome ! 

    That is a suggestion I can take to the Patch Manager team. The problem is our testing consists of creating applicability rules that dictate whether the package installs or not. So releasing the product untested may not speed up anything because it may fail to install. Then we are in the same boat or worse because the influx of support cases due to a failed install. 

    Yep we are based in Austin.  

     On a side note, The latest google was released today. Sync your catalog!!