navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
Open Discussions
My Threads
Create Thread

Forum Thread: How to fix Psi report of chrome insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

Relating to this vendor:
And, this specific program:
Google Chrome 5.x

This thread has been marked as locked.
gordon55y How to fix Psi report of chrome insecure
Member 23rd Jul, 2010 04:56
Ranking: 0
Posts: 1
User Since: 23rd Jul, 2010
System Score: N/A
Location: US
I have done some investigation, and I thought I would document my experience.
The google chrome browser has a nasty habit of keeping the previous version
of chrome on your machine when you upgrade to the latest chrome.
You can see the versions at:
C:/users/<user>/AppData/local/google/chrome/applic ation/versionN
C:/users/<user>/AppData/local/google/chrome/applic ation/versionN+1

The chrome.exe is at:
C:/users/<user>/AppData/local/google/chrome/applic ation/chrome.exe

The chrome.exe is somehow smart enough to select the most recent .dll
from the versionN+1 folder. So, in theory the versionN/chrome.dll would never run.
However, Psi detects the versionN/chrome.dll and says it is insecure.
I would argue that the chrome install should remove versionN when installing
versionN+1. That has been debated at google chrome:

Some have suggested to simply delete the versionN folder manually.
That seems clumsy to me.
I have discovered that if you simply install versionN+1 again (twice),
the second install will remove the versionN folder.
And that fixes the Psi report of insecure chrome.
By the way, you cannot install chrome twice from chrome, you need to
do it from another browser. I used FF.

Thanks for Psi. I never would have found some of this stuff on my own.

Anthony Wells RE: How to fix Psi report of chrome insecure
Expert Contributor 23rd Jul, 2010 10:40
Score: 2468
Posts: 3,356
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 23rd Jul, 2010 10:51
@Gordon55y ,

When the Google Chrome stable version updates (silently or by your manual choice) , the PSI (in "advanced" mode) will display either N and N+1 as both showing in the "patched" tab or an insecure/vulnerable N will move and show in the "insecure" tab .

The PSI only picks up a Dev channel or Beta version of Chrome as Google Gears 0.x , always in the "patched" tab unless gears itself has been updated (very infrequently) , but each still located in either the N or N+1 folder .

If you click the [+] at the left end of any of the displayed programmes , it/the page will expand , lower down in the "Toolbox" section is an "open folder" icon , click on this and you are taken to the N or N+1 version numbered "sub folder(s)" (using Explorer on my XP SP3) , highlight the one you wish to remove , right click and delete .

I have not found this clumsy , perhaps not elegant , and much quicker than the option of a reinstall/overinstall .

Chacun à ses défauts :))

Take care

PS: have always guessed that the older version was/is left behind so that the interested/developers could easily compare the updates ; not really a problem until there is a security update . While/if the .exe can pick/see between two .dll's , then so can a "bad guy" - nothing is 100% , sure except death and taxes - so I always kill the "vulnerable" versions .


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?

This thread has been marked as locked.

 Products Solutions Customers Partner Resources Company
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
Technology Partners
 About us

Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
Secunia © 2002-2015 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+