|
|
Forum Thread: Google Chrome
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.
This thread was submitted in the following forum:
Secunia PSI - BETA Feedback
| ottchris-primary
| Google Chrome
|
|
|
by ottchris-primary on 10th Jun, 2009 16:46
|
Posts: 8
User Since: 19th Apr, 2008
Secunia System Score: 99%
Location: UK |
[Secunia PSI Version 1.0.0.6 Beta]
There are earlier Beta threads concerning Google Chrome but appear to be mistaken in reporting problem as fixed.
The root cause of the problem would appear to be the way Google Chrome updates are maintained. For example, I ran an update today which updated Chrome from 2.0.172.30 to 2.0.172.31. The Chrome executable sits in a parent directory with dll's in a subdirectory whose name is the version number e.g. 2.0.172.30. Most of the time but not always, the update process retains one previous version intact. So this time round post update we are left with two subdirectories, 2.0.172.30 and 2.0.172.31. It would appear that the update process modifies the executable to by some mechanism (registry?)load the new dlls i.e. the exectable itself does not appear to have been modified.
Now, PSI lists the dll, not the executable as the secure/insecure module i.e. before the update it just listed the 2.0.172.30 module as insecure. Post update, a rescan of the insecure module merely confirms the module as insecure although when Chrome is run it picks up the new secure modules. Following a rescan of the entire system, PSI now reports two instances of Chrome even though there is only one executable, i.e. it lists the 2.0.172.30 dll as insecure and the 2.0.172.31 dll as secure. In the secure browsing tab it also has two instances of Chrome.
Previously, the same 'retain the previous dll subdirectory' system was in operation when Chrome went from version 1 to version 2. I think the version 1 dll subdirectory was removed in the last update before this so for a short time, and before the recent update, only the 2.0.172.30 subdirectory existed. This may be why it was mistakenly thought the problem had been resolved.
Apologies for the long-winded explanation; just trying to ensure the way Chrome appears to be being updated is fully understood.
Regards to All,
Chris
--
OS: Windows XP Pro SP3 |
|
|
| Anthony Wells
| RE: Google Chrome
|
|
|
by Anthony Wells on 10th Jun, 2009 17:32, last edited on 10th Jun, 2009 17:32
|
Posts: 652
User Since: 19th Dec, 2007
Secunia System Score: N/A
Location: N/A |
I think you have summed things up extremely well , especialy for a non techie like me.
In my case I seem to have resolved the problem by loading the version installer I want and running it and updating with it - nothing seems to happen , but it does it very quickly , & then when you check the browser or files it's updated and for me "seems" to leave just the new folder - in my case v2.0.181.1 - and the new .dlls. The old .exe seems unchanged , as you said. Or maybe it's all beginners luck and v3 will trap us again. |
|
|
| BigDave_39
| RE: Google Chrome
|
|
|
by BigDave_39 on 10th Jun, 2009 21:21
|
Posts: 175
User Since: 26th Nov, 2008
Secunia System Score: N/A
Location: Washington, DC, US |
Great information mate. Well written and to the point.
I wonder why Google have chosen til approach? One would think it should be able to clean it up...
Looking at chrome.exe (right-clicking) it, the version information is "0.0.0.0", that must be why the PSI is not detecting chrome on this file..
--
Big Dave |
|
|
| graham_346
| RE: Google Chrome
|
|
|
by graham_346 on 12th Jun, 2009 20:03
|
Posts: 3
User Since: 19th Jan, 2008
Secunia System Score: N/A
Location: N/A |
Thank you for the explaination. However, Even though I have adminstrator rights, I could not remove the old version (access denied!) from within the Secunia window. I am running Vista Home Pre 64b version (SP2 updated).
Maybe I'll set and ignore rule until it goes away on its own (with Chrome v3????). |
|
|
| mgrudem
| RE: Google Chrome
|
|
|
by mgrudem on 13th Jun, 2009 19:04
|
Posts: 2
User Since: 2nd Jun, 2009
Secunia System Score: N/A
Location: N/A |
Thanks for the explanation! Simple solution is simply going in and removing the old directory. Beware, you must completely remove the old directory from your system (empty your recycle bin or Shift+Delete) because PSI will still consider your system unpatched.
MG |
|
|
| Anthony Wells
| RE: Google Chrome
|
|
|
by Anthony Wells on 13th Jun, 2009 19:29, last edited on 13th Jun, 2009 19:29
|
Posts: 652
User Since: 19th Dec, 2007
Secunia System Score: N/A
Location: N/A |
I followed & commented on Chrome when PSI v1.0.0.5 started .
At first only Google Gears was picked up as the Chrome 2 I had loaded is/was a Beta. Psi then showed V2 as a Browser and then my actual version in the main scan as patched. This all happened quite quickly .
As the .exe file is not numbered for any Chrome version , I'm guessing that PSI could only use the .dll files and , Beta or not , it makes no difference. This also relates to .dll's in the recent Adobe 9 problems.
So we get some benefit : ie : Betas show up ; and so we need to know how to housekeep the older folders until PSI and/or Chrome change the rules ( you know thy will!)
My use of the setup .exe , rather than the Browser update link , for new versions "seems" to work for me at the moment. |
|
|
| English Teacher
| RE: Google Chrome
|
|
|
by English Teacher on 20th Jun, 2009 15:24, last edited on 20th Jun, 2009 15:24
|
Posts: 21
User Since: 27th Dec, 2008
Secunia System Score: 100%
Location: Salerno, IT |
I have the latest stable version of Secunia PSI v1.0.0.4 However despite even Google Chrome saying it's updated, PSI says it's not and that the version of Chrome is 2.0.172.30. Chrome was updated nearly two weeks ago.
I have used Chrome many times but the old folder for version 2.0.172.30 is still there, even if somebody has said that after a few start ups of Chrome it will be deleted.
Is it OK to delete this folder myself or must I wait for Chrome to do it?
C:\\\\Google\Chrome\Application\2.0.172.30
Thanks
--
Never argue with Stupid People. They just drag you down to their level and beat you with Experience.
Better to remain silent and be thought a fool, than to speak and remove all doubt.
|
|
|
| mgrudem
| RE: Google Chrome
|
|
|
by mgrudem on 20th Jun, 2009 20:19
|
Posts: 2
User Since: 2nd Jun, 2009
Secunia System Score: N/A
Location: N/A |
on 20th Jun, 2009 15:24, English Teacher wrote:
I have the latest stable version of Secunia PSI v1.0.0.4 However despite even Google Chrome saying it's updated, PSI says it's not and that the version of Chrome is 2.0.172.30. Chrome was updated nearly two weeks ago.
I have used Chrome many times but the old folder for version 2.0.172.30 is still there, even if somebody has said that after a few start ups of Chrome it will be deleted.
Is it OK to delete this folder myself or must I wait for Chrome to do it?
C:\\\\Google\Chrome\Application\2.0.172.30
Thanks
Yes, you may clean up the older directory yourself. I cleaned mine up over a week ago and haven't experienced any issues.
Permenently delete the old directory however, Secunia will find it in your recycle bin or if you rename it.
Mike, MCTS |
|
|
| PanthersClaws4
| RE: Google Chrome
|
|
|
by PanthersClaws4 on 4th Jul, 2009 18:33
|
Posts: 1
User Since: 3rd Jul, 2009
Secunia System Score: N/A
Location: N/A |
ok i must be thick since i don't really get what u said or what is happening --- the bottom line is i how do i fix the issue? do i just leave it alone and have that keep popping up as an issue in secunia or is there a simple easy way to rectify the problem? and will this continue to happen with each new update of the program? thanks |
|
|
| Anthony Wells
| RE: Google Chrome
|
|
|
by Anthony Wells on 6th Jul, 2009 21:49
|
Posts: 652
User Since: 19th Dec, 2007
Secunia System Score: N/A
Location: N/A |
You could reread the thread where everything that might help in getting rid of the file is in the first post (more or less):that is: look for the old version folder in the main Chrome folder. If you are still not sure about dealing with proramme files or wherever Chrome is loaded , ask a friend to help/teach you .
You could write/create an ignore rule using the "toolbox" link (in advanced mode) and/or just leave it ; I can't say , but that could cause/be a security problem.
Depending on how you next update , the problem may well reappear !:(( |
|
|
| Anthony Wells
| RE: Google Chrome
|
|
|
by Anthony Wells on 22nd Jul, 2009 22:09, last edited on 22nd Jul, 2009 22:09
|
Posts: 652
User Since: 19th Dec, 2007
Secunia System Score: N/A
Location: N/A |
Hello _da aka glen.84 ,
It does show up that what the Chrome guys see as "no problem" , Secunia sees the same thing & says "is this a problem ?"
Do we expect Secunia to give us the answer by their assessment with or without the Chrome input ; do Secunia know it's a problem or do we ,or rather you in this case , act as the go between . Chrome seem quite clear , but has anyone had direct contact with the PSI guys .
Adobe Reader 9.0 update appeared to have similar problems ; at least PSI recognises Chrome Betas this way FWIW )
Thank you for your efforts
Anthony
|
|
|
| darkangel
| RE: Google Chrome
|
|
|
by darkangel on 22nd Jul, 2009 22:14
|
Posts: 4
User Since: 29th Jan, 2008
Secunia System Score: N/A
Location: N/A |
Hi Anthony,
I e-mailed Secunia a short while ago regarding this matter.
_da. |
|
|
|
