Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: False positive on Google Chrome 11.x
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: |
And, this specific program: Google Chrome 11.x |
| stephensussman | False positive on Google Chrome 11.x |
|---|---|
 |
28th Apr, 2011 22:26 |
|
Ranking: 1 Posts: 8 User Since: 9th Dec, 2010 System Score: N/A Location: N/A |
Installed version is 11.0.696.60. Scan reports it as 11.0.696.50 by mistake and flags it as having a security risk FWIW, I *am* on the beta channel. |
| trapster21 | another false positive for Google Chrome 11.x | ||||||||
|
|
28th Apr, 2011 22:51 | ||||||||
| Score: 8 Posts: 2 User Since: 28th Apr 2011 System Score: N/A Location: UK |
PSI is reporting 'The version detected of Google Chrome 11.x was 11.0.696.60 while the latest version including one or more security fixes is 11.0.696.57'. I might not be the sharpest tool in the box but even I worked out PSI has got this one well wrong! If we are to trust an application to ensure people have the latest version of programs installed on their computers then surely the makers of said application should ensure their application is up to date with the new versions of the programs it is reporting on; especially with high profile sofware titles such as Google Chrome. Alternatively the application could just realise that version ending 60 is newer than version ending 57 and not report a false positive. |
||||||||
|
|||||||||
| stephensussman | RE: False positive on Google Chrome 11.x | ||||||||
|
|
28th Apr, 2011 23:03 | ||||||||
| Score: 1 Posts: 8 User Since: 9th Dec 2010 System Score: N/A Location: N/A |
Really what's going on is v xx.xx.xxx.57 is the stable version and xx.xx.xxx.60 is the most recent one in the beta channel. So the bug is actually that PSI is tracking Chrome at all. Unless it is the "stable" version, PSI shouldn't be looking at it. |
||||||||
|
|||||||||
| Anthony Wells | RE: False positive on Google Chrome 11.x | ||||||||
|
28th Apr, 2011 23:14 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
Hi , Beta and stable are overlapping atm as both 11.x versions ..57 and ..60 . You should note that ..57 is a security fix update and ..60 is a bug/eye candy fix ; the PSI does not monitor either Beta versions or bug fix updates . To the PSI then ..57 is the latest version including security updates/patches ; it records ..60 as it is a stable version which Google will have silently updated you to just now . You can see the details here :- http://googlechromereleases.blogspot.com/ Hope that is clear enough . Anthony -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| trapster21 | RE: False positive on Google Chrome 11.x | ||||||||
|
|
28th Apr, 2011 23:20 | ||||||||
| Score: 8 Posts: 2 User Since: 28th Apr 2011 System Score: N/A Location: UK |
11.x.60 is the stable version for Chrome now. Do a google search 'google chrome releases' and check the blogspot from Karen Grunberg | ||||||||
|
|||||||||
| Anthony Wells | RE: False positive on Google Chrome 11.x | ||||||||
|
|
28th Apr, 2011 23:33 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
From past history , as Chrome stable version has just changed platforms - from 10.x to 11.x - you may well see anomalies in the PSI display as support reset the detection rules . Nothing to panic about ..57 and ..60 are both secure , earlier versions are not and are best deleted . Take care Anthony -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| Anthony Wells | RE: False positive on Google Chrome 11.x | ||||||||
|
|
28th Apr, 2011 23:46 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
@stephensussman , Your version ..50 is an old version of the Beta channel and is insecure and should be deleted ; even if technically it is difficult for the bad guys to access it . It will be at the top of the scan results page as "insecure" or "EOL" . ..57 and/or ..60 should show lower down (alphabetically) as secure during the time that Beta and Stable channel versions overlap . @trapster21 , The PSI display is correct as I have explained above ; ..60 is the latest bug fix whilst ..57 is the latest security fix version . Take care Anthony -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| vijay32 | RE: False positive on Google Chrome 11.x | ||||||||
|
|
29th Apr, 2011 02:19 | ||||||||
| Score: -1 Posts: 3 User Since: 13th Feb 2010 System Score: N/A Location: AU |
Ok. So we just ignore the PSI detection for Chrome (for versions 57 & 60) till support updates the detection rules? | ||||||||
|
|||||||||
| mogs | RE: False positive on Google Chrome 11.x | ||||||||
|
|
29th Apr, 2011 02:39 | ||||||||
| Score: 2163 Posts: 5,883 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
@vijay32 As Anthony explains above...if you have the 57 or 60 version you are secure. The anomalies concerning detection usually seem to occur at weekends when Support staff aren't present, and particularly when Beta/Stable updates coincide. The issue will probably be rectified at the beginning of the week. The main thing is to remove the earlier insecure version/file if that is being detected. Hope this helps....regards, -- |
||||||||
|
|||||||||
| RE: False positive on Google Chrome 11.x | [+] |
|
| This reply has been minimised due to a negative Relevancy Score. | ||
| cmecx | RE: False positive on Google Chrome 11.x | ||||||||
|
|
29th Apr, 2011 13:54 | ||||||||
| Score: 0 Posts: 5 User Since: 5th Jan 2010 System Score: N/A Location: LU |
I also get the waring about Chrome 11.0.696.60 being unsecure. It seems that the last few days, PSI has several issues in correctly comparing product version numbers. I few days ago, I already reported a similar issue with iPrint where a newer version than the security fix version is reported as unsecure (and nothing has been done to fix that so far). | ||||||||
|
|||||||||
| RE: False positive on Google Chrome 11.x | [+] |
|
| This reply has been minimised due to a negative Relevancy Score. | ||
| Anthony Wells | RE: False positive on Google Chrome 11.x | ||||||||
|
|
29th Apr, 2011 18:23 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 29th Apr, 2011 18:25 |
@cmecx , If your thread has not been replied to and/or has closed automatically , you should bring this to the attention of support@secunia.com by email . They are likely to have gone by now for the weekend - PSI wise - so best wait to make contact on Monday (CET) of next week and refer them to your own thread/problem . @normanp , I do not agree with thread hijacking , so if you have a problem with the way Secunia operates the PSI and displays alerts , I would suggest your create your own thread ; see the lhs column of this page . The same applies if you have a problem with Adobe products ; updating and correcting the detection rules have their own mystery including the difference between Acrobat X and Reader X. Hope that is clear . Anthony -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
