Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: False positive on Google Chrome 11.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google Chrome 11.x

This thread has been marked as locked.
stephensussman False positive on Google Chrome 11.x
Member 28th Apr, 2011 22:26
Ranking: 1
Posts: 8
User Since: 9th Dec, 2010
System Score: N/A
Location: N/A
Installed version is 11.0.696.60. Scan reports it as 11.0.696.50 by mistake and flags it as having a security risk

FWIW, I *am* on the beta channel.

trapster21 another false positive for Google Chrome 11.x
Member 28th Apr, 2011 22:51
Score: 8
Posts: 2
User Since: 28th Apr 2011
System Score: N/A
Location: UK
PSI is reporting 'The version detected of Google Chrome 11.x was 11.0.696.60 while the latest version including one or more security fixes is 11.0.696.57'.

I might not be the sharpest tool in the box but even I worked out PSI has got this one well wrong!

If we are to trust an application to ensure people have the latest version of programs installed on their computers then surely the makers of said application should ensure their application is up to date with the new versions of the programs it is reporting on; especially with high profile sofware titles such as Google Chrome. Alternatively the application could just realise that version ending 60 is newer than version ending 57 and not report a false positive.
Was this reply relevant?
+7
-0
stephensussman RE: False positive on Google Chrome 11.x
Member 28th Apr, 2011 23:03
Score: 1
Posts: 8
User Since: 9th Dec 2010
System Score: N/A
Location: N/A
Really what's going on is v xx.xx.xxx.57 is the stable version and xx.xx.xxx.60 is the most recent one in the beta channel.

So the bug is actually that PSI is tracking Chrome at all. Unless it is the "stable" version, PSI shouldn't be looking at it.
Was this reply relevant?
+1
-0
Anthony Wells RE: False positive on Google Chrome 11.x
Expert Contributor 28th Apr, 2011 23:14
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Beta and stable are overlapping atm as both 11.x versions ..57 and ..60 .

You should note that ..57 is a security fix update and ..60 is a bug/eye candy fix ; the PSI does not monitor either Beta versions or bug fix updates .

To the PSI then ..57 is the latest version including security updates/patches ; it records ..60 as it is a stable version which Google will have silently updated you to just now .

You can see the details here :-

http://googlechromereleases.blogspot.com/

Hope that is clear enough .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
trapster21 RE: False positive on Google Chrome 11.x
Member 28th Apr, 2011 23:20
Score: 8
Posts: 2
User Since: 28th Apr 2011
System Score: N/A
Location: UK
11.x.60 is the stable version for Chrome now. Do a google search 'google chrome releases' and check the blogspot from Karen Grunberg
Was this reply relevant?
+1
-0
Anthony Wells RE: False positive on Google Chrome 11.x
Expert Contributor 28th Apr, 2011 23:33
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

From past history , as Chrome stable version has just changed platforms - from 10.x to 11.x - you may well see anomalies in the PSI display as support reset the detection rules . Nothing to panic about ..57 and ..60 are both secure , earlier versions are not and are best deleted .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Anthony Wells RE: False positive on Google Chrome 11.x
Expert Contributor 28th Apr, 2011 23:46
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@stephensussman ,

Your version ..50 is an old version of the Beta channel and is insecure and should be deleted ; even if technically it is difficult for the bad guys to access it . It will be at the top of the scan results page as "insecure" or "EOL" . ..57 and/or ..60 should show lower down (alphabetically) as secure during the time that Beta and Stable channel versions overlap .

@trapster21 ,

The PSI display is correct as I have explained above ; ..60 is the latest bug fix whilst ..57 is the latest security fix version .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
vijay32 RE: False positive on Google Chrome 11.x
Member 29th Apr, 2011 02:19
Score: -1
Posts: 3
User Since: 13th Feb 2010
System Score: N/A
Location: AU
Ok. So we just ignore the PSI detection for Chrome (for versions 57 & 60) till support updates the detection rules?
Was this reply relevant?
+1
-0
mogs RE: False positive on Google Chrome 11.x
Expert Contributor 29th Apr, 2011 02:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@vijay32
As Anthony explains above...if you have the 57 or 60 version you are secure.
The anomalies concerning detection usually seem to occur at weekends when Support staff aren't present, and particularly when Beta/Stable updates coincide. The issue will probably be rectified at the beginning of the week. The main thing is to remove the earlier insecure version/file if that is being detected.
Hope this helps....regards,

--
Was this reply relevant?
+2
-0

Protopia

RE: False positive on Google Chrome 11.x
[+]
This reply has been minimised due to a negative Relevancy Score.
cmecx RE: False positive on Google Chrome 11.x
Member 29th Apr, 2011 13:54
Score: 0
Posts: 5
User Since: 5th Jan 2010
System Score: N/A
Location: LU
I also get the waring about Chrome 11.0.696.60 being unsecure. It seems that the last few days, PSI has several issues in correctly comparing product version numbers. I few days ago, I already reported a similar issue with iPrint where a newer version than the security fix version is reported as unsecure (and nothing has been done to fix that so far).
Was this reply relevant?
+1
-1

normanp

RE: False positive on Google Chrome 11.x
[+]
This reply has been minimised due to a negative Relevancy Score.
Anthony Wells RE: False positive on Google Chrome 11.x
Expert Contributor 29th Apr, 2011 18:23
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 29th Apr, 2011 18:25
@cmecx ,

If your thread has not been replied to and/or has closed automatically , you should bring this to the attention of support@secunia.com by email . They are likely to have gone by now for the weekend - PSI wise - so best wait to make contact on Monday (CET) of next week and refer them to your own thread/problem .

@normanp ,

I do not agree with thread hijacking , so if you have a problem with the way Secunia operates the PSI and displays alerts , I would suggest your create your own thread ; see the lhs column of this page .

The same applies if you have a problem with Adobe products ; updating and correcting the detection rules have their own mystery including the difference between Acrobat X and Reader X.

Hope that is clear .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability