Relating to this vendor:
And, this specific program:
Google Chrome 5.x
|gordon55y||How to fix Psi report of chrome insecure|
|23rd Jul, 2010 04:56|
User Since: 23rd Jul, 2010
System Score: N/A
I have done some investigation, and I thought I would document my experience.
The google chrome browser has a nasty habit of keeping the previous version
of chrome on your machine when you upgrade to the latest chrome.
You can see the versions at:
The chrome.exe is at:
The chrome.exe is somehow smart enough to select the most recent .dll
from the versionN+1 folder. So, in theory the versionN/chrome.dll would never run.
However, Psi detects the versionN/chrome.dll and says it is insecure.
I would argue that the chrome install should remove versionN when installing
versionN+1. That has been debated at google chrome:
Some have suggested to simply delete the versionN folder manually.
That seems clumsy to me.
I have discovered that if you simply install versionN+1 again (twice),
the second install will remove the versionN folder.
And that fixes the Psi report of insecure chrome.
By the way, you cannot install chrome twice from chrome, you need to
do it from another browser. I used FF.
Thanks for Psi. I never would have found some of this stuff on my own.
|Anthony Wells||RE: How to fix Psi report of chrome insecure|
|23rd Jul, 2010 10:40|
User Since: 19th Dec 2007
System Score: N/A
Last edited on 23rd Jul, 2010 10:51
When the Google Chrome stable version updates (silently or by your manual choice) , the PSI (in "advanced" mode) will display either N and N+1 as both showing in the "patched" tab or an insecure/vulnerable N will move and show in the "insecure" tab .
The PSI only picks up a Dev channel or Beta version of Chrome as Google Gears 0.x , always in the "patched" tab unless gears itself has been updated (very infrequently) , but each still located in either the N or N+1 folder .
If you click the [+] at the left end of any of the displayed programmes , it/the page will expand , lower down in the "Toolbox" section is an "open folder" icon , click on this and you are taken to the N or N+1 version numbered "sub folder(s)" (using Explorer on my XP SP3) , highlight the one you wish to remove , right click and delete .
I have not found this clumsy , perhaps not elegant , and much quicker than the option of a reinstall/overinstall .
Chacun à ses défauts :))
PS: have always guessed that the older version was/is left behind so that the interested/developers could easily compare the updates ; not really a problem until there is a security update . While/if the .exe can pick/see between two .dll's , then so can a "bad guy" - nothing is 100% , sure except death and taxes - so I always kill the "vulnerable" versions .
It always seems impossible until its done.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.