|tmalomas||PSI reports Google Chrome 6.x not secure for browsing|
|19th Sep, 2010 13:01|
User Since: 30th Apr, 2009
System Score: N/A
The Secure Browsing tab in PSI gives misleading information. It suggests that Google Chrome has two critical attack vectors. Further examination shows that one of these refers to a previous version of Google Chrome, not the version currently installed.
If Secunia's rationale for reporting this is that the Chrome installer doesn't completely remove earlier versions then PSI should report two versions of Chrome, each with one attack vector, not one version with two attack vectors.
The relevant folders are:
|TiMow||RE: PSI reports Google Chrome 6.x not secure for browsing|
|19th Sep, 2010 14:49|
User Since: 26th Jun 2009
System Score: N/A
Last edited on 19th Sep, 2010 14:56
Firstly, it is a (well) known fault with Chrome updates that the previous version is not removed with the installation of the update. This is a failing with Google and not Secunia - PSI can only report on what it finds. The old version always needs to be manually deleted from its file location (insecure or not). This is always the case.
The information shouldn't be misleading - when 2 files are present with the same insecurity, then you have that insecurity 2 times (once for each file), until the old file is removed.
Secondly, as the latest Chrome update (6.0.472.62) only became available this weekend, and reportedly addresses the problem of the bundled Flash insecurity, it is unlikely that Secunia have amended their rules to reflect this, as they don't actively work during weekends.
Maybe tomorrow (Mon.) this will be reviewed.
Computing is not yet a perfect science - it still requires humans.