
Forum Thread: PSI reports Google Chrome 6.x not secure for browsing

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
tmalomas PSI reports Google Chrome 6.x not secure for browsing
Member 19th Sep, 2010 13:01
Ranking: 5
Posts: 8
User Since: 30th Apr, 2009
System Score: N/A
Location: N/A
The Secure Browsing tab in PSI gives misleading information. It suggests that Google Chrome has two critical attack vectors. Further examination shows that one of these refers to a previous version of Google Chrome, not the version currently installed.

If Secunia's rationale for reporting this is that the Chrome installer doesn't completely remove earlier versions then PSI should report two versions of Chrome, each with one attack vector, not one version with two attack vectors.

The relevant folders are:
C:\Users\<username>\AppData\Local\Google\Chrome\Application\6.0.472.59\chrome.dll
C:\Users\<username>\AppData\Local\Google\Chrome\Application\6.0.472.62\chrome.dll

TiMow RE: PSI reports Google Chrome 6.x not secure for browsing
Dedicated Contributor 19th Sep, 2010 14:49
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 19th Sep, 2010 14:56
Two points:

Firstly, it is a (well) known fault with Chrome updates that the previous version is not removed with the installation of the update. This is a failing with Google and not Secunia - PSI can only report on what it finds. The old version always needs to be manually deleted from its file location (insecure or not). This is always the case.

The information shouldn't be misleading - when 2 files are present with the same insecurity, then you have that insecurity 2 times (once for each file), until the old file is removed.

Secondly, as the latest Chrome update (6.0.472.62) only became available this weekend, and reportedly addresses the problem of the bundled Flash insecurity, it is unlikely that Secunia have amended their rules to reflect this, as they don't actively work during weekends.

Maybe tomorrow (Mon.) this will be reviewed.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
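
An added example, not part of the thread and not Secunia's or Google's code: a small inventory check for the situation both posts describe, listing every version directory that still holds a chrome.dll and separating the newest from the leftovers. The helper names, the sample tree and the extra version 6.0.472.9 (included to show why versions must be compared numerically, not as strings) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VERSION_DIR = re.compile(r"^\d+(?:\.\d+){3}$")  # e.g. 6.0.472.62


def version_key(name):
    """Turn '6.0.472.62' into (6, 0, 472, 62) so versions compare numerically."""
    return tuple(int(part) for part in name.split("."))


def find_chrome_versions(app_dir, dll_name="chrome.dll"):
    """Return (current, leftovers): version directories under app_dir that
    contain dll_name, split into the highest version and all older ones."""
    found = [
        entry.name
        for entry in Path(app_dir).iterdir()
        if entry.is_dir()
        and VERSION_DIR.match(entry.name)
        and (entry / dll_name).is_file()
    ]
    if not found:
        return None, []
    found.sort(key=version_key)
    return found[-1], found[:-1]


def build_sample_tree(root, versions):
    """Constructed sample layout mirroring the paths quoted in the thread."""
    app_dir = Path(root) / "Google" / "Chrome" / "Application"
    for version in versions:
        (app_dir / version).mkdir(parents=True)
        (app_dir / version / "chrome.dll").write_bytes(b"")
    # Constructed non-version directory; the scan must ignore it.
    (app_dir / "not-a-version").mkdir(parents=True)
    return app_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # 6.0.472.59 and 6.0.472.62 come from the thread; 6.0.472.9 is constructed.
        app = build_sample_tree(tmp, ["6.0.472.59", "6.0.472.62", "6.0.472.9"])
        current, leftovers = find_chrome_versions(app)
        print("current :", current)
        for old in leftovers:
            print("leftover:", app / old / "chrome.dll")
```

On a real profile, point find_chrome_versions at the Application folder under the user's AppData\Local\Google\Chrome path quoted in the first post.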
