Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Get message that Google Chrome needs to be updated, but nothing h...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
Katnos Get message that Google Chrome needs to be updated, but nothing happens
Member 29th Apr, 2010 21:25
Ranking: 0
Posts: 1
User Since: 29th Apr, 2010
System Score: N/A
Location: NO
Secunia tells me that Google Chroma needs to be updated, but nomatter how many times I try to update the threat, wich is rated to 4, it still comes up as a threat. Have tried re-scan and restart of maschine, nothing helps.

What could it be???

--
Katnos

Maurice Joyce RE: Get message that Google Chrome needs to be updated, but nothing happens
Handling Contributor 29th Apr, 2010 22:30
Score: 11312
Posts: 8,726
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Lots of answers on the Forum about Google.

Type Google Chome in the search box & it will reveal them for U.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
mogs RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 29th Apr, 2010 22:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Stable Update: Bug and Security Fixes
Tuesday, April 27, 2010 | 13:54
Labels: Stable updates
Google Chrome 4.1.249.1064 has been released to the Stable channel on Windows.

This release fixes the following issues:
Google Chrome was not using the correct path for the Java plugin for Java Version 6 Update 20.
4.1.249.1059 was much slower on JavaScript benchmarks than 4.1.249.1045. (Issue 42158)

--
Was this reply relevant?
+0
-0
mogs RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 29th Apr, 2010 23:05
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
I'd "lost touch" with what was happening regarding Stable Chrome...hence the previous post taken from Google Releases.
As you only have to click on the Spanner and then "About Google Chrome" to update.....I think you are probably trying to say, that Secunia is still detecting old files ?

--
Was this reply relevant?
+0
-0
TiMow RE: Get message that Google Chrome needs to be updated, but nothing happens
Dedicated Contributor 30th Apr, 2010 07:15
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Katnos

A common problem when updating Chrome, is that the new version creates a new file and still leaves the old insecure file, which PSI reports. This old file needs to be manually removed.

You need to use PSI on the Advanced mode interface - click "Advanced" on top right of PSI window, then "OK". Along the top is a series of tabs.

Firstly, to check if Chrome is correctly updated/patched, go to the tab "Patched" and click - here is a list of all your patched programs.

Scroll down to Google Chrome 4.x, and for the version number, you should see 4.1.249.1064 - if you have already updated to the latest up to date version. You may also see a second Chrome entry, version number 4.1.249.1059 (and/or lower version numbers) - this is/these are the old insecure file(s) that needs to be deleted.

Now click the tab "Insecure" (red lettering, when there's a problem). The old Chrome file should be listed here. On its left is "[+]" - click on this to reveal toolbox icons, then find "Open Folder" and click this.

This takes you to the location of the old Chrome file. You should see both the up to date version no. (....1064) and the old version no. (....1059). Make sure the old version no. is highlighted, right click, then delete.

This now goes to recycle bin, where you probably need to further delete it (as PSI also reports its contents). Reboot your PC and full re-scan PSI - this should now resolve this problem.

If your require further assistance, then post back here.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
Anthony Wells RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 30th Apr, 2010 11:46
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 30th Apr, 2010 11:53
For TiMow

A minor point , but as you know , PSI is a vulnerability checker and not an update checker , so in your very clear update instructions for Chrome , it is not correct to say that the older versions which may show in the "patched" tab are "the old insecure file(s)" and that "they need(s) to be deleted" ; they are only old and deletion is an option .

Only when the files are showing in the "insecure" or "EOL" tabs are they a "potential" threat and need attention as such .

It may be obvious to you and I ;) , but those that need your help may be mislead slightly :( There is already the complication of displaying "insecure" programmes which are fully patched .

Take care
Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
TiMow RE: Get message that Google Chrome needs to be updated, but nothing happens
Dedicated Contributor 30th Apr, 2010 13:20
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Anthony

I can see your point (but .....)

As you know, I try to relate information from a layman's (which I am) perspective to and for what I perceive to be the average home user. Anything requiring more technical advice, I (normally) leave to those better qualified.

In this particular instance, knowing how Chrome updates, it would not be surprising for a user to find more than one version showing under patched - and also in this instance we know that v. ...1045 and v. ...1059 have required security updates, and would/should therefore also show under insecure if still present and would need deleting (although not always the case - v. ...1042 was not showing as insecure when updated if memory serves correct). This was to draw attention to the fact that the old versions(s) are still showing. (I haven't even mentioned secure browsing).

I was just trying to (rightly or wrongly) pre-empt a reply query questioning possible multiple entries under patched tab, but should have gone on to mention that all insecure versions would in fact show under insecure tab, from where they can be dealt with.

I think any possible ambiguity or misinterpretation to the "average" home user is minimal, if not negligible.

The actual reply above, to which you're referring, I copied from a reply to the same problem, I gave yesterday, where one user posted back, commenting how uncomplicated he found it to follow.

But it's always interesting to learn how others actually perceive what one has written - sometimes not always in the way as intended.

All the best

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 30th Apr, 2010 17:37
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 30th Apr, 2010 17:42
Hi TiMow ,

Without wishing to prolong the debate or confuse anybody , and having seen your previous thread/response whence I had the same reaction , you mention ..1059 as being the old/insecure version under "patched" which could/has happen(ed) on "occasion" , but would it "normally" appear under "insecure" where you only refer to ..1059 as the "old" version .

Under silent install , Chrome updates to the latest version and "normally" leaves the older version and removes the oldest - hence seeing two versions under "patched" and/or the "old/insecure" version moved to "insecure"; Chrome or PSI can get out of step , but not always (there is also the "relevant" SA as reference) so , in my personal opinion , that should not change our terminology (especially if someone does not have English as the mother tongue).

Like I said above , your advice is clear (and was appreciated by the other recipient) .

Whatever , I have been caught out too often by using short-cuts and pre-empting which has been misleading to a person following the thread ; hence my comment , that was all .

Take care
Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Anthony Wells RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 3rd May, 2010 16:52
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 3rd May, 2010 17:06
For TiMow ,

Whilst waiting to see if Katnos needs further help , you might like to add this grist to the wrinkles in your Chrome sponge :))

The release blogspot :-

http://googlechromereleases.blogspot.com/

says this (about security updates) :-

""This release also fixes the following security issues:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.""

So , ignoring the ..1045 mishap , where/when will PSI show the "old/TBA insecure" silent update ?? In patched until it is publicly announced and there is an SA or sent to "insecure" straight-away ??

Should the "complete paranoid" never have more than one (the very latest) version of Chrome installed at all , at all , at any time ??

Should the "concerned" always check the blogspot to see if the "old" version is "insecure" or just a bug fix ??

Should the "relaxed" wait for Secunia and PSI to do their job and display the insecurity when it is in the public domain ??

As one laid back member once posted , the old/insecure version get's removed at the next update anyway , so why worry ??

How insecure actually are the old files before and after public disclosure ??

Oracle's Sun Java still say that you can keep old versions around :-

http://www.java.com/en/download/faq/remove_olderve...

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TiMow RE: Get message that Google Chrome needs to be updated, but nothing happens
Dedicated Contributor 3rd May, 2010 19:11
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Evening Anthony,

I'm not quite sure why you felt the need to resurrect this one again - I'd put it to bed along time back - I felt I'd explained my position.

I think the originator has long solved his problem, probably after M.J.'s initial response telling him to search - but as it was a simple case of copy and paste, I felt it may also help (someone).

on 3rd May, 2010 16:52, Anthony Wells wrote:

So , ignoring the ..1045 mishap , where/when will PSI show the "old/TBA insecure" silent update ?? In patched until it is publicly announced and there is an SA or sent to "insecure" straight-away ??

Should the "complete paranoid" never have more than one (the very latest) version of Chrome installed at all , at all , at any time ??

Should the "concerned" always check the blogspot to see if the "old" version is "insecure" or just a bug fix ??

Should the "relaxed" wait for Secunia and PSI to do their job and display the insecurity when it is in the public domain ??

As one laid back member once posted , the old/insecure version get's removed at the next update anyway , so why worry ??

How insecure actually are the old files before and after public disclosure ??

Oracle's Sun Java still say that you can keep old versions around :-

http://www.java.com/en/download/faq/remove_olderve...

Take care
Anthony


I would just like to add the following (hopefully, a little less cryptic than the above - you appear to be showing symptoms of "mogs syndrome").

Thanks for the link to the blogspot - I tend not (don't have time) to check these out, unless really necessary - not too concerned with the whys and wherefores - just the solutions - that sometimes I feel able to pass on to others, who may ask. (I don't think we need to get into Java, though).

For the record, I restored Chrome v. ...1059 from recycle bin, and ran a scan. As you are well aware, PSI only reported it under insecure, with only the latest being found in patched. I accept my error - only when previous and current versions are not reported as being insecure do they both show in patched. Interestingly both old and current versions were boxed in red under secure browsing, until I (re-) deleted the old again.

When there's no insecurity with an old version, after a (non-security) update, I have left both versions to see if Google silently remove the old file; similarly to how they update silently - once, the old has been removed, after about a week.

I actually find this a bit troubling, that all of a sudden there's a new Chrome file, without any notification (or user input) - only after a scan (or search) is the user aware.

As I have now seen my minor inaccuracy, to which you were keen to elude, I think we can now mark this as done and dusted - before it starts to confuse/cloud the issue of anyone curious enough to search for solutions re. Chrome insecurities.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-1
Anthony Wells RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 3rd May, 2010 21:23
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 3rd May, 2010 21:24
Hi TiMow ,

I had hoped my ?? was more a real question and less rhetorical/cryptic than the Mogs' ?! (I must say , I feel honoured to be aligned with our lyrical Welshman :)))

I was tempted to open a new thread as there is reality in my post which you elude to in yours (and nothing to do with the "very minor error" as such) .

on 3rd May, 2010 19:11, TiMow wrote:
Evening Anthony,

I'm not quite sure why you felt the need to resurrect this one again - I'd put it to bed along time back - I felt I'd explained my position.


I would just like to add the following (hopefully, a little less cryptic than the above - you appear to be showing symptoms of "mogs syndrome").


When there's no insecurity with an old version, after a (non-security) update, I have left both versions to see if Google silently remove the old file; similarly to how they update silently - once, the old has been removed, after about a week.

I actually find this a bit troubling, that all of a sudden there's a new Chrome file, without any notification (or user input) - only after a scan (or search) is the user aware.

As I have now seen my minor inaccuracy, to which you were keen to elude, I think we can now mark this as done and dusted - before it starts to confuse/cloud the issue of anyone curious enough to search for solutions re. Chrome insecurities.

Regards

TiMow


There is a very long debate from time back concerning the "silent updates" :-

http://www.google.com/support/forum/p/Chrome/threa...

If you scroll down , there is a recent suggestion for disabling "Google update" in XP , if that interests you .

The arguments will differ for those who wish control all downloads to their machine , compared to those who just want to be up to date and are not bothered how it happens ; not forgetting those who would never be up to date and at (potential risk) without the silent ones .

I am using the Dev channel at the moment and updates are very frequent but only two versions installed at any one time . Flash (Beta version) is embedded in the latest Chrome and there are proposals to auto/silent update that as well !!

My idea was to post something that might interest you and other readers , not to make/belabour any point keenly or otherwise .

Now you can finish the gardening .

Take care

Anthony

PS : As you might guess , it's raining today :(

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 3rd May, 2010 21:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Particular examples of crypticism, rhetoric or "mogs syndrome" please.Don't leave anything loose, and I may try to make it crystal clear for you. I don't try my hand at any character assassination do I ?! Is this relevant ?!

--
Was this reply relevant?
+1
-0
Anthony Wells RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 3rd May, 2010 22:14
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi Mogs ,

From taffy's "OPEN DOOR" I like :)))-

"I'm another year older ! If I get things right, it's not always how I feel ?! "

My birthday is on Friday ?!

"Maybe we could/should work on perspectives here ? "

Would that be relevant ? Is this a thumbs up I see before me , the voting handle towards my hand ??

I've flown to an aerodrome ; if I'd missed would it be a syn .

Take care
Anthony






--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 3rd May, 2010 22:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Let no-one accuse you of being a happy bank manager Anthony....as it is this day...as free as ever with your old and new coined phrases....if I don't get it...the exercise will still do me good !
It's over one year since I downloaded Secunia...my wrinkles are very few:
I've probably saved a few pennies.....not enough for a flight ticket.....rarely a repeat from you. Even my eyesight may have improved !
Best wishes,

--
Was this reply relevant?
+0
-0
TiMow RE: Get message that Google Chrome needs to be updated, but nothing happens
Dedicated Contributor 4th May, 2010 08:33
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi mogs

I hope you didn't see my casual reference above as a slur against your (good) character, as this was meant in a positive way. There are not enough places where one can mix practical advice with a bit of D.I.Y. philosophical thinking; and I am sure we are all richer for this.

Here is a good example, but by no means the best - with so many posts to trawl thro', and so little time, these will (unfortunately) have to slowly slip away into obscurity - until rediscovered in the future, by those seeking enlightenment.

"RE: Secunia`s Global Community
24th Mar, 2010 08:58

Morning !
Anonymity versus ( or side by side with), more identity? Is the 100% score getting lost ?! One city may be just as corrupt as another ?! What we really need is an IM facility within the Secunia forum ? Would it help maintain our own and Secunia's integrity ? Is it possible?
Just a couple of thoughts....we're not encouraging strange bedfellows ? Some hands don't do any dishes ?! Should we foster a healthy team spirit?! I don't do theories on relativity ?! Best wishes."


All good stuff - but, unfortunately to my detriment, similar posts are sometimes a bit over my schwammkopf. (in German speaking lands, Spongebob Squarepants is known as Spongebob Schwammkopf).

Perhaps, much in the same way as taffy has started his chat room, we should consider a separate place for "mogisms" for those who might think they are developing signs of "mogs syndrome" - but a decipher guide may be required. It's a pity that Fred is no longer active here - he was also another exponent of such rhetoric.

Hi A.W.

Your last reply made more sense - I see why you tagged it here, but creating a new thread, may also have not been a bad idea, as this is a relatively important issue, of which, I'm sure, some users may not be aware.

With a little less questioning, rhetoric and punctuation (as I suggested - mogs syndrome), I could better appreciate the validity of your point.

Regards to both

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
mogs RE: Get message that Google Chrome needs to be updated, but nothing happens
Expert Contributor 4th May, 2010 10:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 4th May, 2010 12:32
Thankyou for the explanation Ti Mow.
I think it was Dylan ( not Zimmermann !), who once said or wrote : this being not a perfect literal quote : and not in defence of any poetic union (!):-
"If I become embroiled in explanation of what I've written previously; I'd not have the time for anything new ."
Present day standards, trends, and liver disease I may be free of ?!
Obscurity doesn't really bother me, but ignorance causes various degrees of present tense ; ....I'm not going off with the alarm ?!
Punctuation for the reader : sometimes more time for breathing ?
No code to decipher ?
When I was a lad, my teachers were much more considerate ?
I too had thought of a "mogs blog".
I'm never gonna be very attractive; nor down in the dumps with a lack of demand !


--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability