Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Chrome update foible

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
thedillpickl Chrome update foible
Contributor 20th Aug, 2010 07:01
Ranking: 376
Posts: 872
User Since: 3rd May, 2009
System Score: 100%
Location: US
Last edited on 20th Aug, 2010 07:15

Hi;

No problem, just trying to understand something.

If you are unaware, I am on a dial-up (slooow) connection and have almost no automatic functions (as far as downloads, especially) turned on.

Power on this morning and (a day early) decided to do some maintenance stuff. One of the first things is to start PSI (no autostart) and get a glass of ice tea. Upon return, I started a manual scan and took the dogs out. Scan showed AOK. Did a couple of other things, then checked the forum. Seeing that Chrome had a new release (thanks mogs) I went to "About Google Chrome", which checks for updates. Clicked on "Update Now", then left to find other things to do. Returned, closed Chrome & reopened, checked version and noted it had changed from .126 to .127, shut down and left for afternoon.

> This is where the 'funny' stuff started. Booted up and after establishing an internet connection & security programs, I started PSI. After a couple of minutes, it reported no insecure programs. I thought that odd, as I knew the old version of Chrome was still there. Actually, I started PSI to use the "Open Folder" thing in the toolbox to delete the old version. Looked in "Secure Browsing", there was Chrome, green as a gourd, PSI showing the .126 version. I had thought PSI would 'notice' the new version, but it didn't. Also,I know sometimes there is a lag before PSI picks up the current update, so I'm not completely weirded out. (I know, only if a patchable vulnerability exists. Chrome updates are almost always...)

>> This is really 'funny'. After I deleted the .126 directory, I checked my e-mail and found a few Secunia things & opened the first. It stopped loading about halfway and the browser quit responding. Seeing the TX/RX light on the faux modem in the tray and realizing PSI was still running, I clicked on the PSI icon. The 'empty box' with "Secunia PSI" in the header opened, so I figured PSI was doing it's 'something changed, so I'll have a look' scan. When PSI finished and fully appeared in it's box, Chrome was gone! Well, not really, my browser was working just fine. But it was not to be found in "Patched" or "Secure Browsing". PSI 'found' Chrome after another manual scan, whew! :D

>>> The question is, did PSI report both the .126 & .127 as being patched? Or, did I happen to do this at the same time Secunia changed their database to show the new version of Chrome??

Anyone with a high speed connection would possibly never have seen this as the 'do it for me' automatics would have handled it. I have been updating Chrome this way for several months and have never had this happen. Like I said, no problem. Just odd as brown socks with black shoes.



Regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis

Post "RE: Chrome update foible" has been selected as an answer.
Anthony Wells RE: Chrome update foible
Expert Contributor 20th Aug, 2010 13:05
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Aug, 2010 13:10
Fred ,

The answer is not 42 but "probably" or "possibly" even more likely .

Was the earlier/older version insecure ?? Have you checked the changelog ??

The new version of Chrome may need a browser restart to kick in after silent download , even if it shows in the folder .

The PSI will show programmes removed or added if it is set so to do ; however Chrome updates sometimes need a full scan to show up irrespective ; etc. ,etc.

All these things are common to broadband , nothing to do with dial-up in itself , ust the way you run the PSI and other idiosyncrasies :)).

Take care

Anthony

PPS no time for edits today , on a mouse hunt . Well just one ;-

http://secunia.com/advisories/41014/

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
thedillpickl RE: Chrome update foible
Contributor 20th Aug, 2010 18:17
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Ant;

Yes. When I started PSI in the morning, I did a full manual scan. PSI reported version .126 as patched. I did not 'look' at the version number at this time, but when updating later I did note the version number then.

No, I have not checked the changelog.

There was no silent download, I initiated it (auto update disabled). I did restart Chrome after the update to .127 . Double checking, Chrome then reported version .127 .

> This is where the gap in time occurred. It was about five or six hours before I continued.

After booting up upon return, PSI was started with the intention of using one of it's utilities to 'easily' navigate to the old version of Chrome to delete it. The first oddity was that PSI still reported .126 as patched and a secure browser. I assumed Secunia had not caught up with Google's patch yet and continued.

I knew .126 was there and wanted to remove it promptly, which I did. As you've mentioned, after five to ten minutes, PSI discovered that the .126 had been removed. (Keep in mind that I'm using the .127 to check my e-mail at the same time.) That is when my browser stopped responding (not enough bandwidth), because PSI 'discovered' that the .126 had been removed and had called Secunia.

When PSI had finished, I had expected it to report the .127 version of Chrome. Instead it reported no Chrome. Of course, a full scan resolved this.

Why did PSI 'loose' Chrome? When it detected that .126 had been removed, it scanned my computer. The internet traffic & hard drives spinning for three minutes told me. Only after I did a manual scan did Chrome reappear.

[Edit: After reading this I had a thought. When PSI scanned because it noticed .126 had been removed, I was downloading e-mail using .127 . When I performed the manual scan that made Chrome reappear, Chrome was shut down. Hmmm.]

Neither version ever showed anything but patched & secure for browsing.

Maybe it is because as a child I was dropped on my head...dropped on my head...dropped on my head. Sorry, sometimes I have this twitch and things go blank. :)


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
Anthony Wells RE: Chrome update foible
Expert Contributor 20th Aug, 2010 19:45
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Aug, 2010 19:52
Fred , I was also dropped on my head as a very small child , obviously with a quite a different result .

Following your extended posting to the best of my (head banger's) ability , I would say that everything followed a perfectly logical sequence for those like Secunia and I who do not need an instant response/gratification to our every need .

More importantly , the mouse is resurrected !! A Moroccan "tech" friend put some magic spray (out of a can) on it's circuits and we're off to the races . Maybe something to do with Ramadan . He , me , the mouse , we are all very pleased and no expense spared .

Take care

Anthony

PS : time for an edit , this is what the "spray" is called in generic terms in France :-

http://en.wikipedia.org/wiki/Pschitt

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
thedillpickl RE: Chrome update foible
Contributor 21st Aug, 2010 01:34
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
on 20th Aug, 2010 19:45, Anthony Wells wrote:
... I would say that everything followed a perfectly logical sequence for those like Secunia and I who do not need an instant response/gratification to our every need . ...

I can do logical, if I have to. However, instant gratification supplies a more mind numbing bliss. :)

on 20th Aug, 2010 07:01, thedillpickl wrote:
... The question is, did PSI report both the .126 & .127 as being patched? Or, did I happen to do this at the same time Secunia changed their database to show the new version of Chrome?? ...

My thought is that I hit it just as PSI went from .126 being the patched version to .127 being the patched version. Surely they were not both indicated at the same time, as .127 had security updates included.

Spiritual state of your mouse aside, I'm glad he's working properly again.

I know it's not fair of me to ask a question and then close this thread, but I shall. Is the 'P' silent?


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability