Chrome Checker Bot (CCBot), also known as Chrome/Chromium Vulnerability Checker. This Python script monitors the Google Chrome release page for any announced vulnerabilities in Chrome/Chromium. It utilizes the Google Chrome Releases RSS feed to fetch the latest updates and checks for security-related content. If security issues are detected, it sends a formatted message to a specified Slack channel using a webhook.
This software was written by Joshua Rogers. For more information, see the blog post.
pip install ccbot-pydocker run -e SLACK_WEBHOOK_URL='your_slack_webhook_url' megamansec/ccbotdocker run -e SLACK_WEBHOOK_URL='your_slack_webhook_url' ghcr.io/megamansec/ccbotgit clone https://github.com/MegaManSec/CCBot.git
cd CCBot
pip install .
ccbotBefore running the script, ensure you set up the following configurations:
SLACK_WEBHOOK_URL: Set your Slack webhook URL as an environment variable.RSS_URL: Google Chrome Releases RSS feed URL.REFRESH_INTERVAL_SECONDS: Time interval for checking updates in seconds.
The script performs the following tasks:
- Fetches the latest entries from the Google Chrome Releases RSS feed.
- Filters entries based on specified tags (
Desktop Update,Stable updates). - Extracts security-related content from the entry's description or the linked URL.
- Formats and sends a Slack message if security issues are detected.
The Slack message includes the following information for each security issue:
- Timestamp: Time of the release.
- URL: Link to the release details.
- Security Issues: List of security issues, including severity, CVE number, and description.
- The script runs indefinitely, periodically checking for updates based on the refresh interval.
- If a security-related article is found without specific CVEs, it still notifies Slack for manual verification.
- The script employs regex patterns for extracting security content, adapting to potential variations in the HTML structure.
You can run the script in your terminal with the following instructions.
-
Set up a Python virtual environment and install the package:
python3 -m venv venv venv/bin/pip install --upgrade pip venv/bin/pip install . -
Set up the Slack webhook URL as an environment variable:
export SLACK_WEBHOOK_URL='your_slack_webhook_url'
-
Run the script:
venv/bin/ccbot
A Debian-based installation script, install.sh, is provided. When run as root, this script:
- Creates (if necessary) a Python virtual environment in
/opt/ccbot. - Installs the package into that virtual environment.
- Installs and enables a systemd service (
/etc/systemd/system/ccbot.service) that runs ccbot in the background. - Configures logging to
/var/log/ccbot.logand/var/log/ccbot_error.log. - Sets up log rotation in
/etc/logrotate.d/ccbot.
You may optionally pass a single argument to install.sh to define the SLACK_WEBHOOK_URL environment variable used by the script:
sudo ./install.sh "https://hooks.slack.com/services/[...]"
ccbot has been installed, the service is started, and log rotation is set up.If you don't provide a URL, you can manually edit /etc/systemd/system/ccbot.service later to set or change the webhook URL.
This project is licensed under AGPL-3.0.