
Potential false positives for CVEs related to Google Chrome in Fleet 4.51.0

Open ddribeiro opened this issue 1 year ago • 1 comments

Fleet version: 4.51.0


💥  Actual behavior

A customer is reporting that CVEs are being reported for a version of Google Chrome that has already been patched. Attached screenshots show multiple CVEs related to Chrome appearing 829 times in the Fleet environment even though all hosts (274) were patched with a version of Chrome. This CVE should no longer be appearing in Fleet.

IMG_1116 IMG_1117

🕯️ More info (optional)

The CVEs in question appear in Dogfood, but the numbers appear to be accurate. I am attempting to get a screenshot of what the CVE detail page looks like in the customer’s environment to learn more about what software pieces they apply to and whether versions of Chrome that don’t actually appear in the environment are being reported.

ddribeiro avatar Jun 27 '24 16:06 ddribeiro

Hey team! Please add your planning poker estimate with Zenhub @getvictor @jacobshandling @lucasmrod @mostlikelee @RachelElysia

sharon-fdm avatar Jul 03 '24 14:07 sharon-fdm

Timebox 2 points to reproduce.

sharon-fdm avatar Jul 15 '24 18:07 sharon-fdm

@ddribeiro cleanups for vulnerabilities run every 2 * periodicity (1hr being the default periodicity for the vulnerability cron). So, found vulnerabilities that no longer apply are deleted at that time. Could this be what we're running into here?

mostlikelee avatar Aug 22 '24 16:08 mostlikelee

@ddribeiro was there any follow up to this issue? If not we'll be closing it out as stale. Thank you!

xpkoala avatar Sep 09 '24 16:09 xpkoala

@xpkoala The customer responded to my thread last night with a link to schedule a troubleshooting call. I think we're going to set something up to learn more details about the behavior and report back.

ddribeiro avatar Sep 09 '24 17:09 ddribeiro

@xpkoala We can go ahead and close this issue. We haven't been able to get more info on the customer side of things.

cc: @mostlikelee

ddribeiro avatar Sep 16 '24 15:09 ddribeiro

Chrome patched, yet still, CVEs echo wrongly, Fleet's truth will dispel.

fleet-release avatar Sep 16 '24 15:09 fleet-release