Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: detecting Chrome v8 in Windows 7 64 bit

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
OSI

This thread has been marked as locked.
mikeinus detecting Chrome v8 in Windows 7 64 bit
Member 27th Jan, 2011 17:36
Ranking: 0
Posts: 5
User Since: 27th Jan, 2011
System Score: N/A
Location: US
I am using Windows 7 64 bit, logged on as a restricted user. Java is v6 update 22.

OSI detects two copies of the Chrome v8 browser and neither seems to be correct. Both detections are in a "temp" folder and according to Process Explorer, Chrome runs out of

C:\Users\xxx\AppData\Local\Google\Chrome\Applicati on\chrome.exe

One version in the temp folder is said to be current, one is flagged as old.

I would provide the exact path to where OSI found Chrome, but the full path is not displayed. This is a second problem.

Thank you.

Michael Horowitz

mogs RE: detecting Chrome v8 in Windows 7 64 bit
Expert Contributor 27th Jan, 2011 18:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
What version of Chrome are you running ? Baring in mind that Secunia does not monitor Beta/Dev nor Canary versions......the two detections; if not correct; could be older file/versions which need to be manually removed....Tho' I have recently had an instance of the older version being removed automatically.
So to recap....if you were running the new Beta version....it would not show up. The older versions if Stable vulnerable.....would.
It's quite some time since I took OSI for a spin, so I'm not certain how to ascertain the file path....click on the +sign alongside the insecure entry and all is revealed ?
Hope this helps...regards,

--
Was this reply relevant?
+1
-0
mikeinus RE: detecting Chrome v8 in Windows 7 64 bit
Member 27th Jan, 2011 19:10
Score: 0
Posts: 5
User Since: 27th Jan 2011
System Score: N/A
Location: US
My note said that I was running Chrome v8. Specifically it is version 8.0.552.237.

I ran OSI under the current version of Firefox, 3.6.13.

The detected versions of Chrome from OSI were in

C:\Users\MICHAE~2\AppData\Local\Temp\..\applicatio n data\google\Chrome\Application\[version number here]\chrome.dll

Hard to know exactly where this is since one part of the path is omitted and the other is abbreviated.

Since Chrome does not run out of a "temp" folder, this seems to be a bug in OSI. Plus, it missed the actual live copy of Chrome.



Was this reply relevant?
+0
-0
mogs RE: detecting Chrome v8 in Windows 7 64 bit
Expert Contributor 27th Jan, 2011 19:30
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 27th Jan, 2011 19:30
If I follow the path :-
C:\Users\username\AppData\Local\Google\Chro me\Application........I find the old/new versions and simply delete the previous. Does that help ?

--
Was this reply relevant?
+0
-0
mikeinus RE: detecting Chrome v8 in Windows 7 64 bit
Member 27th Jan, 2011 19:58
Score: 0
Posts: 5
User Since: 27th Jan 2011
System Score: N/A
Location: US
To be clear there are three issues:

Chrome in a temp folder is being detected, which it should not, because its not the live version of the browser

The live version of the browser was not detected at all

The path names are truncated

Michael

Was this reply relevant?
+0
-0
mogs RE: detecting Chrome v8 in Windows 7 64 bit
Expert Contributor 27th Jan, 2011 20:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Presumeably, you are aware that Secunia will detect insecurities even if in the Recycle bin ? Have you cleared out temp. files/browser cache before running a scan ?
Have you checked thro' the OSI FAQ's here :-
http://secunia.com/vulnerability_scanning/online/f...
Does the Java applet load okay.....22 isn't the latest version...23 is....tho' 22 ; as far as I'm aware, is still secure with regard to Secunia monitoring.
Hope the foregoing is of some help...........

--
Was this reply relevant?
+0
-0
j.marcus.lehmann RE: detecting Chrome v8 in Windows 7 64 bit
Member 27th Jan, 2011 20:35
Score: 0
Posts: 15
User Since: 2nd Sep 2010
System Score: N/A
Location: DE
Last edited on 27th Jan, 2011 20:39
on 27th Jan, 2011 19:58, mikeinus wrote:
Chrome in a temp folder is being detected, which it should not, because its not the live version of the browser

Michael


You won't find any folders or files of Google Chrome out of the application data-folder. All files are stored on C:\Users\User\AppData\Local\Google\Chrome\Applicat ion.

When opening the path of chrome.exe you'll be lead to C:\Users\User\AppData\Local\Google\Chrome\Applicat ion again.

So Secunia OSI works fine in this case.

By upgrading Google Chrome to a newer version the old version won't be replaced. You have to uninstall it (delete the folder of the old version) by yourself.
Was this reply relevant?
+1
-0
Maurice Joyce RE: detecting Chrome v8 in Windows 7 64 bit
Handling Contributor 28th Jan, 2011 01:22
Score: 11610
Posts: 8,906
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@mogs
PSI version 2 should not be scanning the Recycle Bin to find anything. If this is the case with your PC U should report it as a bug.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
mikeinus RE: detecting Chrome v8 in Windows 7 64 bit
Member 28th Jan, 2011 02:39
Score: 0
Posts: 5
User Since: 27th Jan 2011
System Score: N/A
Location: US
To be perfectly clear:

The system has Java 6 Update 22, while Update 23 is currently the latest. However, the system requirements for OSI are simply Java 6.

The Java applet loads just fine. Tested it a javatester.org.

I did not do a "thorough" system inspection so OSI should not find anything in the recycle bin. And, it did not.

I ran OSI in both the latest edition of Firefox (3.6.13) and the latest edition of Chrome v8 with the same results.

Again, there appear to be THREE problems.

1. Chrome v8 runs out of

C:\Users\[userid]\AppData\Local\Google\Chrome\Appl ication\chrome.exe

This is not detected at all by OSI.

2. Two copies of Chrome in a temp folder are being detected by OSI. One copy is flagged as current one is flagged as old, but neither are the live copy of Chrome.

3. The path names for the detected copies of Chrome are truncated making it hard to know what the exact path is.






Was this reply relevant?
+0
-0
mikeinus RE: detecting Chrome v8 in Windows 7 64 bit
Member 28th Jan, 2011 02:46
Score: 0
Posts: 5
User Since: 27th Jan 2011
System Score: N/A
Location: US
Here is a screen shot

http://img442.imageshack.us/img442/4048/secuniaosi...

Was this reply relevant?
+0
-0
mogs RE: detecting Chrome v8 in Windows 7 64 bit
Expert Contributor 28th Jan, 2011 09:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@Maurice
Thanks for the info Maurice.....I havn't had any "incidents" with psi 2.0 yet, of it detecting any insecurities in the bin or otherwise, but will bear it in mind.
Presumeably OSI still operates as it did tho' ?

--
Was this reply relevant?
+0
-0
mogs RE: detecting Chrome v8 in Windows 7 64 bit
Expert Contributor 28th Jan, 2011 09:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 28th Jan, 2011 09:20
@mikeinus
Hello again....the way I read your screenshot....it is identifying/recognizing that you have the latest Chrome installed : 8.0.552.237.
It is also picking up a previous file for 8.0.552.224........as insecure; and it is that which you need to remove. If you follow the 224 file path you should be able to delete.
That is one problem....removal of the old file/version.
Hope this helps.....regards,

--
Was this reply relevant?
+1
-0
M.Hansen RE: detecting Chrome v8 in Windows 7 64 bit
Secunia Official 28th Jan, 2011 12:53
Score: 188
Posts: 410
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi
Thank you for your email.

I decided that I'd reply here, so everyone could benefit from the answer.


Unlike the other programs that is covered by the OSI, Google Chrome is located the user directory.

When performing a fast scan with the OSI, only known installation paths is scanned.
As the path for Google Chrome would differ because of the username, we have made a workaround so the OSI is still capable of detecting it.

This causes the path to look like it is trunked.
However, if you copy the path (exclude chrome.dll) and paste the path into the folder addressbar/path bar. You will notice that these two path will refer to the same folder:

C:\Users\username~1\AppData\Local\Temp\..\applicat ion data\google\Chrome\Application\8.0.552.237

C:\Users\username\AppData\Local\Application Data\google\Chrome\Application\8.0.552.237


I hope this answered your question.

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability