Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: psi states google chrome is end of life while it isn't

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google Chrome 14.x

This thread has been marked as locked.
Tito335 psi states google chrome is end of life while it isn't
Member 28th Sep, 2011 21:44
Ranking: 0
Posts: 42
User Since: 7th Jun, 2011
System Score: N/A
Location: EG
Last edited on 28th Sep, 2011 21:44

hi
all the time i was using psi and a newer version of google chrome is released it auto update it self

but a EOL marks appear in scans for just few days and dissappear after a while to be patched

but this time it stayed longer for about 2 weeks now
and i double checked opened >google chrome > options>about gc> gc is up to date

and i scaned my pc using secunia and also it's still there

shall i ignore it and it will disappeare after a while as normal or what ?

thanks

Maurice Joyce RE: psi states google chrome is end of life while it isn't
Handling Contributor 28th Sep, 2011 21:54
Score: 11312
Posts: 8,726
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Anthony Wells is the guru on Google. It might help if U give the path to the problem for him to respond when online.


FINDING A FILE PATH

From the DASHBOARD page click on SCAN RESULTS.

1. This will list all your programmes with a + to the left of each one.
2. Click the + sign next to the item that U want help with.
3. This will reveal the path under DETECTED INSTANCES.
4. Highlight it then copy (CTRL+C) then paste (CTRL+V)) that path back to the Forum.
OR THIS METHOD WHICH GIVES A HELPER MORE INFORMATION
4a Below DETECTED INSTANCES you will see You can double click this row for additional information & options>double click it>a box will appear>click TROUBLESHOOT REPORT>Now highlight the information revealed from START to END & copy it (CTRL+C) then post it to the Forum (CTRL+V)

The end result U post to the Forum should look like this:
---START---

Program Name:
Apple iTunes 10.x

Security State:
Insecure

Download Link:
http://appldnld.apple.com/iTunes10/061-9638.201103...

Instances Found:
C:\Program Files\iTunes\iTunes.exe, version: 10.1.2.17

Last System Scan (localtime):
3. Mar 2011, 16:47

Operating System:
Microsoft Windows XP Home Edition, Service Pack 3

---END---
Update 9 09:33 13/03/2011

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
Tito335 RE: psi states google chrome is end of life while it isn't
Member 28th Sep, 2011 22:41
Score: 0
Posts: 42
User Since: 7th Jun 2011
System Score: N/A
Location: EG
Last edited on 28th Sep, 2011 22:44
---START---

Program Name:
Google Chrome 13.x

Security State:
End-of-Life

Download Link:
http://www.google.com/chrome

Instances Found:
C:\Users\****\AppData\Local\Google\Chrome\Applicat ion\13.0.782.220\chrome.dll, version: 13.0.782.220

Last System Scan (localtime):
28. Sep 2011, 21:21

Operating System:
Microsoft Windows 7,

---END---


*= removed personal data

also i have another general question regarding adobe flash player
as newer version was released week ago and i didn't know that except today
i updated it anyways
but the question is was my pc affected by this insecure version all that week long ?
i was playing online facebook games which require adobe flash player to run
and of course youtube which also needs flash to view videos

thanks
Was this reply relevant?
+0
-0
mogs RE: psi states google chrome is end of life while it isn't
Expert Contributor 28th Sep, 2011 23:01
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
From what I can see of it; the following is the latest Stable channel Chrome ( from 20/9/11 ) :-
Stable Channel Update
| 12:14
Labels: Beta updates, Stable updates
The Beta and Stable channels have been updated to 14.0.835.186 for Windows, Mac, Linux, and Chrome Frame.

This release includes an update to Flash Player that addresses a zero-day vulnerability.

If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome


As I use the Dev and Canary Chrome versions...which psi does'nt monitor.....I just remove the older file/version at each update. I have had the odd occasion when it's done a disappearing act of it's own accord....but never wait long to remove it.
In this instance.....if you do indeed already have the Chrome 14 installed.....simply following the 13 version filepath that you've given...and deleting it...will stop psi from detecting it.

Hope this helps.......regards,

--
Was this reply relevant?
+1
-1
Maurice Joyce RE: psi states google chrome is end of life while it isn't
Handling Contributor 29th Sep, 2011 01:07
Score: 11312
Posts: 8,726
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Regarding this:
also i have another general question regarding adobe flash player
as newer version was released week ago and i didn't know that except today
i updated it anyways
but the question is was my pc affected by this insecure version all that week long ?
i was playing online facebook games which require adobe flash player to run
and of course youtube which also needs flash to view videos


Highly unlikely - just complete a full anti virus scan when time permits.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
Anthony Wells RE: psi states google chrome is end of life while it isn't
Expert Contributor 29th Sep, 2011 11:41
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 29th Sep, 2011 11:47
Hello Tito335 ,

To expand a little on what has been said :-

Your Chrome Stable version is now on platform 14.x ; when it updates and the "last version" was on an older platform , in this case 13.x , then the old platform version gets displayed as an "EOL" rather than a "zombie" file . Within the channel auto updates has the older "zombie" file removed and a new one created each time :ie: two files .

When you have a channel update , the last (13.x) version "usually" is left there - at least for some time :ie: you have a third file that you need to delete manually for the PSI to get back to 100% . The EOL is also likely to be "insecure/vulnerable" , however for technical reasons it is not very accessible to the bad guys in "normal" circumstances ; the same reasons apply to zombies .

Concerning Flash , as Mogs' says , your Chrome auto update will have updated Flash for you (probably before the official Adobe release) - so you are good with Chrome .

As Maurice Joyce says , concerning any other browser , you are not likely to have been attacked but your browser was technically "affected" by the/any "potential Flash vulnerability" until you updated your Flash ActiveX and/or NPAPI plug-in .

As you need to run a full scan to see a Flash update displayed and such things concern you , either you will need to manually select a scan more frequently or use Secunia's Software Inspector Reminder advisor email system which warns you of "major programme" updates , as covered by the OSI (it covers Flash) and can be selected in "My Profile" at the top of this page .

Having said that , unless there there was a serious zero day exploit in the wild using the Flash vulnerability to launch attacks from day one , then your exposure in the (up to saven days) delay in updating before a weekly PSI auto scan was minimal . Most danger comes as the attacks are developed with time and the bad guys rely onand benefit from the large numbers of computer users who run insecure software for weeks , months and longer . That is why the PSI is such an important security tool for each everyone .

Finally , even if your Flash is up to date , it alone will not save you if you are going "anywhere and everywhere" on the web and are not using safe surfing rules .

Sorry if that is a bit long winded ; just thought the info might make the picture clearer for you .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability