navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Insecure Chrome found in non-existent folder !?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
OSI

This thread has been marked as locked.
sparge Insecure Chrome found in non-existent folder !?
Member 27th Feb, 2010 01:55
Ranking: 0
Posts: 5
User Since: 27th Feb, 2010
System Score: N/A
Location: UK
Hi guys, I ran Secunia tonight (liking it very much), on my Win XP Home SP3 box, and have already fixed three of the five vulnerabilities identified, but I'm a bit baffled by this one:

(Google Chrome)

The detected version installed on your system is 4.0.249.78, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 4.0.249.89.

Update Instructions:
Download

Installed on Your System in:
C:\DOCUME~1\Andy\LOCALS~1\Temp\..\application data\google\Chrome\Application\4.0.249.78\chrome.d ll

All well and good, EXCEPT that the path indicated as the location of the out-of-date installation does not exist. Specifically, my machine has no subfolders in C:\DOCUME~1\Andy\LOCALS~1\Temp, let alone subfolders within subfolders. I have Explorer set to show hidden files and folders so that's not the explanation. Anyone have another idea?

Hopefully,

Andy

thedillpickl RE: Insecure Chrome found in non-existent folder !?
Contributor 27th Feb, 2010 06:43
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Andy;

4.0.249.89 is the latest version. PSI is possibly picking up old stuff.

=======
If not already, please run PSI in Advanced Mode. To do this click on the PSI icon in the system tray to open the interface. In the top right corner, is "SIMPLE" blue in color and "ADVANCED" black? If not, click on "ADVANCED". Click on the "Insecure" tab, Click on the [+] to the left of the program. In the "Toolbox" click on the"Technical details" icon. Listed under "Version Detected:" it should be the old version PSI is reporting. The "Installation Path" is where PSI is finding the old stuff. To go there, click on the "Open Folder" icon. This will show the folder where the old file(s) is/are.
=======

Are you saying the folder is empty? Try completely shutting down your machine (power off) and then restart. Now rescan with PSI. Is the problem still there?


regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
Anthony Wells RE: Insecure Chrome found in non-existent folder !?
Expert Contributor 27th Feb, 2010 09:00
Score: 2453
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 27th Feb, 2010 09:03
Hello Andy ,

Fred's advice is spot on .

Local Settings is a hidden folder and the path is correct if you take out the TEMP part of it . My TEMP folder currently has 4 folder/files in it . I keep it cleaned up using CCleaner , maybe Fred's shutdown/reboot has worked for you .

When you update Chrome , you may find the old version numbered folder left behind in the hidden ..\Google\Application\.. (non Temp) folder- follow Fred's instructions to find it and delete it ; just the old numbered folder .

let us know how you get on

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
thedillpickl RE: Insecure Chrome found in non-existent folder !?
Contributor 28th Feb, 2010 01:59
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Thanks Anthony;

Recently discovered the old folder bit.

Chrome seems very 'user friendly', but not letting you choose to keep/not keep the old version is too much simplification, yes? Or perhaps they should just delete it and not say anything.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
sparge RE: Insecure Chrome found in non-existent folder !?
Member 28th Feb, 2010 14:59
Score: 0
Posts: 5
User Since: 27th Feb 2010
System Score: N/A
Location: UK
Hi guys,

Thanks for replies. I'm using OSI, not PSI, so I don't have the Advanced/Basic option. I've cold rebooted and OSI is still saying it has found the same out-of-date version of Chrome in the same non-existent folder. I know Local Settings is hidden by default, but I as I said, I have Explorer set to show hidden files and folders - so the path it is reporting does not exist. I've searched the C: drive and I've found where Chrome actually is. I have two versions of Chrome installed, here: C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\Application\4.0.249.78 & 4.0.249.89.

So Antony, I have to take out not just \temp but \temp\.. to make the path correct. And \.. would usually denote more subfolders. So that's a pretty incorrect path report, in my book! Something for the developers to fix ...

Anyway, I've just deleted the old version. Thanks for help.

Andy
Was this reply relevant?
+0
-0
Anthony Wells RE: Insecure Chrome found in non-existent folder !?
Expert Contributor 28th Feb, 2010 15:15
Score: 2453
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 28th Feb, 2010 15:28
Andy ,

You don't say what OS you are using , there appear to be "very" hidden files in Windows 7 .

Is OSI still showing an "insecure" listing for Chrome in the ..\Temp\ ..\.. folder , file or whatever it is , since you cleaned up the actual Application folder ??

You could email Secunia on Tuesday at support@Secunia.com in case they don't pick this up tomorrow and you consider it important .

Take care
Anthony

PS: in my defence , I did say "TEMP part of it" in my highly technical fashion :))

PPS: my XP OS is French and as well as hidden files it gives me settings options to show hidden file extensions and system files ; whether that would make a difference for you I have not the slightest idea , I'm afraid .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
sparge RE: Insecure Chrome found in non-existent folder !?
Member 28th Feb, 2010 15:54
Score: 0
Posts: 5
User Since: 27th Feb 2010
System Score: N/A
Location: UK
Hi Antony,

(TEMP) Aha, so you did.
(OS) In my own defence - aha, but I did! In the original post I referred to "my Win XP Home SP3 box". I'm afraid even Vista is a closed book to me, let alone Windows 7. Long may it continue.

Anyway, no, OSI is now happy that I have up-to-date chrominess.

Andy
Was this reply relevant?
+0
-0
Anthony Wells RE: Insecure Chrome found in non-existent folder !?
Expert Contributor 28th Feb, 2010 16:03
Score: 2453
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

So you did as well , t'was lost in my clouds , Andy .

Now you nailed OSI back on it's perch , is PSI running OK despite the "possible driver" installer file glitch ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
thedillpickl RE: Insecure Chrome found in non-existent folder !?
Contributor 1st Mar, 2010 01:06
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Glad all is well.

Long live XP!!!

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
sparge RE: Insecure Chrome found in non-existent folder !?
Member 1st Mar, 2010 22:06
Score: 0
Posts: 5
User Since: 27th Feb 2010
System Score: N/A
Location: UK
Hi guys,

Yep, it seems to be running just fine. Italics because of a couple of little niggles pertaining to content rather than athleticism, as it were - and I know it's free for personal use, so these aren't complaints, just observations from a "fresh pair of eyes".

1) First full run with PSI, it pulled up just two apps that needed to be updated. One was WinRar. So I clicked the link provided (nice touch), and snarfed a copy of v3.71. I would have been very happy with this heads-up, except when I looked in my WinRAR archive folder I discovered I already had a copy of v3.92 that I had not got around to installing yet (because I wasn't sure if the license would migrate). Appreciate it's a mighty tall order to keep tabs on the world of all the apps that are out there, even just the popular and well known ones ... but this was quite a discrepancy. I wonder how often this sort of thing happens and goes unnoticed? The only reason I noticed was because I'm a bit obsessive about filing my archives :-)

2) The other app was Adobe SVG viewer, for which a solution link was also offered. I installed the upgrade, and it's still showing as a threat - but now because it's end of life rather than because it's unpatched. The solution offered still takes me to the same page (!). With hindsight, I suppose the ultimate solution was uninstall, not upgrade - but this is part of the newbie learning curve, so cancel that niggle :-)

3) I have briefly flirted with the advanced user interface, and at the moment I'm undecided. There are several end-of-life apps on there that aren't about to get uninstalled, and I don't think I want to know about them from the system tray every time I boot up. Perhaps it would might be a nice refinement to allow the screen output to be a little negotiable?

On the whole, though, no question that my PC is much better off with PSI than without it.

Andy
Was this reply relevant?
+0
-0
Anthony Wells RE: Insecure Chrome found in non-existent folder !?
Expert Contributor 1st Mar, 2010 23:11
Score: 2453
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Andy,

Glad you're up and running .

Your 1) PSI is a vulnerability checker and does not do eye candy , bug fixes ; you get the latest "secure/patched" version not necessarily the latest all singing and dancing toy :)

2)There are several threads dealing with SVG being out of date ; try the search facility at the top of the threads listing , if you can't find them , come back here .

3)Advanced is really the reason for moving on from OSI ; so here are your "newbie" :)) tips . The toolbox (see my 6) below allows you to set an "ignore program" rule using the icon therein if you know why you really want to keep an end of life programme an not be hassled with pop up warnings . The programme's get scanned but PSI will not display them or warn you ; the rules are lited at the botom of the "settings" tab , don't forget about them . You can create your own rules at the same location should you so wish .

To help resolve any problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

Posting these details will help the Forum help you , if/when you have a problem .

Ask if anything is not clear , someone is bound to answer .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+