navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Google Chrome Report Previously Working

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Tholly Google Chrome Report Previously Working
Member 11th Dec, 2010 00:57
Ranking: 2
Posts: 10
User Since: 7th Nov, 2010
System Score: N/A
Location: US
In the PSI "Secure Browsing" tab I no longer see a report on the status of Google Chrome.

The post update from Chrome 7.x to 8.x actions I took are probably the cause of this problem. Perhaps I should uninstall PSI and start fresh? I would like to avoid the re-installation as the cure if possible and am not sure if re-installation would indeed fix the problem. This is a learning opportunity for me and I appreciate all help received.

History of events: (apologies if too much detail)

1) Recently (about 1 month ago) installed Win 7.

2) As part of another download ... Google Chrome 7.x was included.

3) PSI scanned the working version of Chrome 7.x and there were no issues.

4) Upgraded to Chrome 8.x.

5) PSI recently reported an issue with Chrome 7.x and I was confused because both 7.x and 8.x had Secunia reports. The 8.x report was clean and only the 7.x version was red flagged.

6) I tried to uninstall Chrome 7.x and the Win 7 uninstall application only showed 8.x as present.

7) I followed the link in the Secunia report to find a Chrome 7.x folder with over 100 files. There is also a similar folder for the 8.x version.

8) I moved the 7.x folder to the recycle bin and performed another PSI scan. PSI found and reported the issue for 7.x and showed its path in the recycle bin which is thorough and accurate.

9) Unable to properly uninstall 7.x ... I begrudgingly deleted the 7.x folder from the recycle bin.

10) Now, PSI scans are not finding Chrome 8.x and there is no report for Chrome ... yet I can open Chrome 8.x and it appears to be working properly.

Even though I am very new as a Secunia user ... I am a huge advocate and have introduced Secunia to others who are now using it as well. I hope this issue is easily resolved and I greatly appreciate all help. Thanks!

TiMow RE: Google Chrome Report Previously Working
Dedicated Contributor 11th Dec, 2010 10:52
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 11th Dec, 2010 17:32
It is normal for Chrome to create a new file with each update, still leaving the old insecure file(s).
It is also, unfortunately normal, that, each old numbered file needs to be manually deleted, from it's file location, and subsequently from Recycle bin - as you have done.
So far, so good.

I updated Chrome over a week ago, and initially PSI didn't pick it up either in Patched or Secure Browsing tabs, 'til after the w/e - then only in Patched tab.

As of time of writing, there is still no browser box for Chrome in Secure Browser.

This has happened before with previous updates, and can take 1 wk.- 10 days to sort out.

With last update, prior to 8.x, it took this time, and needed a full exit from PSI tray icon (1.5.0.2) and re-launch from All Programs, to re-instate the browser box for Chrome.

I suggest you try this from time-to-time (although probably no change over w/e, until Mon. business hours [C.E.T.]).
I wouldn't change anything at your end -- regarding un- and re- installation of PSI or Chrome -- but just wait a bit longer.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
Tholly RE: Google Chrome Report Previously Working
Member 11th Dec, 2010 18:59
Score: 2
Posts: 10
User Since: 7th Nov 2010
System Score: N/A
Location: US
TiMow --

Thank you for the reply. It is very reassuring as far as a resolution being probable with little action on my part. Learning that my deletion of the old Chrome files folder was the correct action is also reassuring. I have totally closed and reopened Secunia and performed another scan with the same results. I'm wondering now if somehow a "deeper" scan only occurs periodically and is different than the manually initiated scan? Maybe it is somehow a database of some sort refreshing issue? Having previously seen the Chrome 8.x report and it disappearing makes me realize I know too little about the Secunia program ... either how the scheduling works or how to initiate a scan as if it was a fresh install. It also seems likely the issue could be a result of Chrome's rather inadequate house keeping upon upgrading to a new version? I have a feeling there are some registry issues now with Chrome ... but my skills with the registry are weak at best and I try to avoid experimenting with such a crucial operating system component when at all possible. Its good if the mystery solves itself with time ... but best if I can learn from this event and really understand the combination of operating system, Chrome, and Secunia interactions for this particular event. I feel an obligation to understand Secunia beyond my novice status because I am recommending it to others. These folks so far have only asked me the most basic of questions and I've been able to help them. Some are simply too busy or they would have figured their questions out easily ... or they are reluctant to post to forums for reasons I will never understand.

Thank you again for your reply and I'll post the resolution here when it occurs so that others might benefit.

-- Tholly
Was this reply relevant?
+0
-0
TiMow RE: Google Chrome Report Previously Working
Dedicated Contributor 11th Dec, 2010 19:48
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 11th Dec, 2010 19:51
The scans run automatically, 7 days after the last one, but you you can manually instigate one at any time, and subsequently the next one be will be a further 7 days after this - unless you run another manual scan in the meantime - then another 7 days, and so on.

What you suggest about a periodic deeper scan isn't the case. Each full scan checks your installed software versions and compares with Secunia's database to see if there are any with a reported vulnerability, and will notify you to this and provide a vendor update link (when/if available)

As and when there is reporting omission (as with Chrome browser box, now), it is often/usually that Secunia's detection rules/database haven't been fully updated, or other similar problem. [Occasionally a new program isn't yet on their database and can be suggested by the user - this wont be the case with Chrome].

Doing anything with registry, when not entirely sure, is always risky and It isn't necessary in this instance.

You're correct (in my opinion) about Google's "inadequate" update procedure, that makes the process more complicated than other software vendors, and it needs to be - I'm sure they have a reason/explanation for this, but haven't uncovered it yet.

For a further insight into PSI see this link:

http://secunia.com/vulnerability_scanning/personal...

In case of insomnia only, here are three threads along the same lines, for the last 3 Chrome updates.

http://secunia.com/community/forum/thread/show/604...

http://secunia.com/community/forum/thread/show/601...

and

http://secunia.com/community/forum/thread/show/540...


TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+3
-0
Tholly RE: Google Chrome Report Previously Working
Member 12th Dec, 2010 05:56
Score: 2
Posts: 10
User Since: 7th Nov 2010
System Score: N/A
Location: US
Last edited on 12th Dec, 2010 05:58
TiMow --

Thank you again!

I read every link and then some. Learning some of the PSI-Chrome history is very helpful and in addition the conversations taught me more about Chrome. I've been eying the red Secunia icon in the tray for a couple weeks and am hopeful the Tuesday 14'th bulletin (patches) from Microsoft would clear the red flagged IE. It was a bit of a surprise when I noticed Chrome 7.x now being red flagged ... but I am so new to PSI that perhaps I just need to relax a bit. I like having the red Secunia icon in the tray when not all is right. The indicator is not too obtrusive and its the perfect reminder.

Seems bizarre to me that the Chrome 8.x report was in the Secure Browsing tab and disappeared upon my deleting the 7.x folder. Your replies have me convinced there is nothing for me to be alarmed about. Now I'm just wanting to pass along my observations so that the PSI gurus can be alerted and perhaps solve a very minor problem. Because I am enjoying PSI so much and grateful for it being so useful and free ... I feel an obligation to pass along any observations of mine that might be of use.

Again, I'll post here once resolved.
Was this reply relevant?
+0
-0
TiMow RE: Google Chrome Report Previously Working
Dedicated Contributor 12th Dec, 2010 12:34
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
on 12th Dec, 2010 05:56, Tholly wrote:
..... and am hopeful the Tuesday 14'th bulletin (patches) from Microsoft would clear the red flagged IE.



Don't hold your breath - there has been one or another insecurity with IE8 (with different applicable Secunis Advisories), to varying threat levels, for many months.

Only the really severe seem to be addressed by M$ (eventually), but the current one has been unattended for some little while. The clue is in the secure browsing box - "Insecure, no solution".

Even if this is addressed, another lesser threat level will still be present.

M$ efforts are now concentrated on IE9, in beta testing; so the IE8 insecurities are left to us poor mortals running XP, who can't run IE9.

That is why there are Firefox and Chrome (and others).

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
Woulouf RE: Google Chrome Report Previously Working
Member 12th Dec, 2010 12:55
Score: 10
Posts: 13
User Since: 4th Nov 2009
System Score: 100%
Location: FR
Last edited on 12th Dec, 2010 12:56
on 12th Dec, 2010 05:56, Tholly wrote:
hopeful the Tuesday 14'th bulletin (patches) from Microsoft would clear the red flagged IE.



Hi,

about IE 8 vulnerability : http://secunia.com/community/forum/thread/show/667...


And the problem with Chrome 8 has already been discussed and partially solved.

See : http://secunia.com/community/forum/thread/show/663...


Regards.

--
PSI 2.0 (attentive) user
----------------------------------
Well, it's just a damn hole-fixing-story ..... isn't it ?
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+