navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: patches

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google Chrome 4.x

This thread has been marked as locked.
vascoz patches
Member 29th Apr, 2010 00:54
Ranking: 0
Posts: 1
User Since: 28th Apr, 2010
System Score: N/A
Location: N/A
I have applied the solution to Google Chrome 4.x but the threat is still showing on the list despite a rescan. Does anyone know if the patch has worked? Or is it just a PSI scanning problem?

M.Hansen RE: patches
Secunia Official 29th Apr, 2010 08:24
Score: 188
Posts: 412
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi

Try to look at the file path for the insecure version of Chrome (Advanced Interface in the PSI)
Chrome will in most cases keep the former version alongside with the newest version in the Chrome installation folder. (Due to the way it silently update itself)

There should be 2 folders in the Chrome installation folder, on with the current version number and one with and older version number.
TiMow RE: patches
Dedicated Contributor 29th Apr, 2010 08:46
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 29th Apr, 2010 09:35
Hi vascoz

A common problem when updating Chrome, is that the new version creates a new file and still leaves the old insecure file, which PSI reports. This old file needs to be manually removed.

You need to use PSI on the Advanced mode interface - click "Advanced" on top right of PSI window, then "OK". Along the top is a series of tabs.

Firstly, to check if Chrome is correctly updated/patched, go to the tab "Patched" and click - here is a list of all your patched programs.

Scroll down to Google Chrome 4.x, and for the version number, you should see 4.1.249.1059 ** - which is the latest up to date version. You may also see a second Chrome entry, version number 4.1.249.1045 - this is the old insecure file that needs to be deleted.

Now click the tab "Insecure" (red lettering, when there's a problem). The old Chrome file should be listed here. On its left is "[+]" - click on this to reveal toolbox icons, then find "Open Folder" and click this.

This takes you to the location of the old Chrome file. You should see both the up to date version no. (....1059) and the old version no. (....1045). Make sure the old version no. is highlighted, right click, then delete.

This now goes to recycle bin, where you probably need to further delete it (as PSI also reports its contents). Reboot your PC and full re-scan PSI - this should now resolve this problem.

If your require further assistance, then post back here.

TiMow

EDIT: I'm a slow typist - M. Hansen's reply beat mine - the info is the same; I've just given a bit more detail.

** I've just noticed that Chrome has run a silent install and version 4.1.249.1064 is now the latest, (as of 28 April 2010, 16:38:32 - installation on my PC), but this is not picked up by PSI, until I run a scan, to check if v. ....1059 is now insecure or not.

EDIT 2: Just run a scan v. ....1059 is insecure and needs to be removed (when I deleted mine, PSI picked up the change without reboot or re-scan); just to clarify - 4.1.249.1064 is latest, patched version - all older versions need to be deleted, as described above.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
njvann RE: patches
Member 30th Apr, 2010 02:30
Score: 0
Posts: 1
User Since: 29th Apr 2010
System Score: N/A
Location: AU
Thanks guys its now done. Really appreciate TiMow's step by step instructions as not being a computer expert they were easy to follow.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+