navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Chrome Problem

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google Chrome 11.x

This thread has been marked as locked.
Digerati Chrome Problem
Member 29th Apr, 2011 15:16
Ranking: 30
Posts: 11
User Since: 26th Nov, 2008
System Score: N/A
Location: US
PSI reports, "The version detected of Google Chrome 11.x was 11.0.696.60 while the latest version including one or more security fixes is 11.0.696.57."

It knows I have .60, but is telling me .57 is newer. :(


This user no longer exists RE: Chrome Problem
Member 29th Apr, 2011 15:44
Hi,

Are you running chrome from the dev or beta channel?
Was this reply relevant?
+0
-0
jleezer RE: Chrome Problem
Member 29th Apr, 2011 16:08
Score: 9
Posts: 8
User Since: 7th Nov 2009
System Score: 99%
Location: NL
I have the same problem; it is the stable channel. See http://googlechromereleases.blogspot.com/ .
Was this reply relevant?
+0
-0
mogs RE: Chrome Problem
Expert Contributor 29th Apr, 2011 17:42
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 29th Apr, 2011 17:43
@jleezar/Digerati

Given your "User Since " dates, I'm a little surprised you're not already familiar with the situation.
As far as Secunia is concerned, Chrome '57 is the latest Stable version....fixing as it does many security issues. psi does not offer nor advise updates unless they address such issues. Chrome '60 is a bug fix for Beta and Stable channel....which of course you can update to, and be secure; but the detections usually seem to take a few days to be set in order/catch up.......particularly when the same version number is Beta as well, which versions psi doesn't monitor....along with Dev.
I can see what you're saying.....at the moment, Chrome '60 is not being recognized/ detected as secure tho' it incorporates the fixes contained in the '57 issue. I'm sure it's just a matter of a little more patience.

--
Was this reply relevant?
+2
-3
Digerati RE: Chrome Problem
Member 29th Apr, 2011 18:20
Score: 30
Posts: 11
User Since: 26th Nov 2008
System Score: N/A
Location: US
I use the stable version.

I think I see what happened.

It appears .57 came out on Apr 27 and .60 the next day on the 28th. Chrome is my secondary browser so not normally used. It just happened I fired it up yesterday, noticed the update and updated to .60 - that must have been just after .60 first came out.

I suspect PSI will catch up soon.

Was this reply relevant?
+4
-0
sboydman RE: Chrome Problem
Member 1st May, 2011 14:29
Score: 3
Posts: 3
User Since: 27th Mar 2008
System Score: N/A
Location: N/A
Last edited on 1st May, 2011 14:43
No matter how you "slice" it, this is still a "bug" (given a minor one) that should be corrected IMHO... The bug is that a newer version is installed, but the older version is referenced as the Latest Version, which is not correct in any event. To say otherwise is semantics. The vulnerability patches are obviously included in the up-to-date version. I know of no instance where such a patch would have been removed. The program logic should recognize a more up-to-date version number, and state an appropriate warning, which would be informative and allay the worries and suspicions of the less knowledgeable user.

For example: "Installed Version is more recent, but not currently in Secunia's database. This notification will be updated when new information is available." or other such equivalent wording. This would engender less concern from the user. Yes, my comments are a bit picky, but I believe that is how software becomes better.

It is now May 1, plenty of time for Secunia to have updated its version info, which I assume will correct the scan display. (Of course, we need to keep in mind that the PSI application is free for personal use, after all...)

On the whole, I must state that Secunia PSI is probably the most valuable Windows application that I use, along with BillP's WinPatrol...

Keep up the great work, Secunia. I feel much safer running Windows with you on the job!

P.S. Speaking of updates, TechTracker informed me that Secunia PSI itself was out of date, but PSI did not seem to be aware that an updated version was available. Hmmm...
Was this reply relevant?
+2
-0
Digerati RE: Chrome Problem
Member 1st May, 2011 16:34
Score: 30
Posts: 11
User Since: 26th Nov 2008
System Score: N/A
Location: US
It is either a bug, or a poor design or management decision because .60 is the latest stable version and here it is, several days later and PSI still does not see .60 as the latest.

Chrome is a major, very popular program. No reason it should not be in the tables by now.
Was this reply relevant?
+2
-0
Anthony Wells RE: Chrome Problem
Expert Contributor 1st May, 2011 19:19
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 1st May, 2011 19:22
Hi ,

The "bug" is discussed at lenght in these other threads if you care to read them :-

http://secunia.com/community/forum/all_threads/?fo...

In summary :-

Secunia support always seem to have problems with the PSI detection rules when there is a Stable Platform change :ie: 10.x to 11.x and/or the Stable and Beta versions overlap . Support do not work on the PSI always full time and definitely not the weekend . Thios problem became apparent on Thursday/Friday - not "several days ago " .

So no instant gratification ; nothing will happen to fix the "bug" before Monday at the earliest . Versions ..57 and ..60 are both secure , earlier ones should be deleted , to be sure , to be sure .

Re Semantics , this subject is also neraly done to death ; security updates are published by Secunia in their Advisories and specify/give you the version to update to in order to patch a vulnerability . They are provided for the Security community , their commercial CSI clients and by free serendipitous chance to personal users of the (free) PSI . The latter is a vulnerability/update patch checker aligned with the relevant SA's and definitely not a general update checker ; neither the SA's nor the PSI monitor , follow or give twopence about "updates" of the bug or eye candy fix nature . Same goes for Alphas , Betas , RC's etc .

By the same token , there are no insecure versions of the PSI ; although Secunia do normally advise major changes here on the Forum and by personal email.

If you wish Secunia to change , add or clarify some of their terms in the GUI or the manual , please be specific either here , but in a new thread (create your own , don't hijack) or email them at support@secunia.com with your wish list .

Hope that is clear enough now .

Take care

Anthony.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-3
sboydman RE: Chrome Problem
Member 1st May, 2011 21:08
Score: 3
Posts: 3
User Since: 27th Mar 2008
System Score: N/A
Location: N/A
Appreciate the clarifications. Understandable, also.

PSI is a fantastic tool, tried to make it clear in my post. Pretty much giving my 2 cents worth ;)
Was this reply relevant?
+1
-0
Anthony Wells RE: Chrome Problem
Expert Contributor 1st May, 2011 21:33
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

No worries . Everyone is free and equal - Libres & égaux - to post and comment to the Community Forum ; the more the merrier :))

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-2
Digerati RE: Chrome Problem
Member 1st May, 2011 22:43
Score: 30
Posts: 11
User Since: 26th Nov 2008
System Score: N/A
Location: US
(unknown source)
Thios problem became apparent on Thursday/Friday - not "several days ago "

With all due respect, .60 came out on the 28th. 4 days is several in my book. I also note, .57 came out on the 27th, and it was in the tables by the 28th.

As far as the weekend is concerned - why not? Secunia touts "PSI strives to be your first choice for independent and reliable vulnerability intelligence." Badguys and security threats do not take weekends and holidays off. When it comes to security and security products, if a product is going to claim to be my first choice, it needs to be there when I am.

I appreciate your loyal defense of the product. No doubt I agree it should be on everyone's computers - it is on all my builds. But let's not make excuses for them when they fall short of their own goals.

(unknown source)
Secunia support always seem to have problems with the PSI detection rules when there is a Stable Platform change :ie: 10.x to 11.x and/or the Stable and Beta versions overlap
Always been that way should be motivation to fix it. But note according to [url=http://secunia.com/vulnerability_scanning/personal... FAQ #7[/url], PSI does not monitor and detect BETA versions of software. Therefore, it should not be confusing them. If this process is automated and failing, ESPECIALLY if a recognized problem, they should have a qualified human on hand, ready to intervene - even if remotely from home - until the automated process has been fixed and proven reliable.
Was this reply relevant?
+4
-0
Anthony Wells RE: Chrome Problem
Expert Contributor 2nd May, 2011 01:36
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello @Digerati ,

I have no need or interest in either "defending" or "excusing" Secunia ; they are a commercial organisation and far more capable than I in looking out for themselves .

I was/am merely advising you of my experience with Chrome and the PSI and explaining the "weekend" absence of a "quick fix" . There is no security risk/exposure in the "bug" , merely confusion for some which is dealt with here on the Forum .

The PSI is "FREE" for personal use and with all that entails ; if you are not satisfied and want 24/24 support , then you will have to pay for it by buying a licence for the CSI .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+4
-4
Terrys.On.Secunia RE: Chrome Problem
Member 2nd May, 2011 05:17
Score: 4
Posts: 1
User Since: 2nd May 2011
System Score: N/A
Location: AU
As much as I've only just joined this community I've been using PSI for years and have been and will continue to recommend its use to all my customers, colleagues and friends. We all like the to have the summary with 10 green lines with out the use of exception rules.

Google Chrome along with many other applications (e.g. Belarc, CCleaner, Firefox/Thunderbird (and extensions), Adobe (Stuff), Microsoft (stuff), Notepad++,and Java) now either automatically update or prompt for updating to latest stable release every time they are started, touched or even "looked at". For some applications it is by default a no choice option. This is a laudable philosophical change that has grown in momentum in the last few years to improve application security.

In this scenario the latest stable release of applications will always be competing with the possibly less recent but secure release. With out resorting to exception rules should users be expected to revert to a less recent secure release to maintain the coveted Secunia System Score of 6 green columns/weeks of (not quite) up to date applications?

Do the more recent stable releases of applications need to be considered as insecure by Secunia?

I use PSI, in conjunction with the WinsowsSectrets Patch Watch, to keep my software fully patched, not just to be strictly secure. Please look at this situation as soon as possible.

--
Cheers
Was this reply relevant?
+4
-0
pratnala2010 RE: Chrome Problem
Member 2nd May, 2011 08:10
Score: 1
Posts: 38
User Since: 13th Nov 2009
System Score: 89%
Location: IN
I am sure Secunia will resolve this problem soon

--
PC -
Microsoft Windows 7 Home Basic Service Pack 1
Intel Core 2 Duo E4400 2.0 GHz
2GB RAM
Kaspersky Internet Security 2012
Secunia PSI 2.0.0.3003

Laptop -

Microsoft Windows 7 Home Basic Service Pack 1
Intel Pentium Dual Core T4400 2.2 GHz
3GB RAM
Kaspersky Internet Security 2012
Secunia PSI 2.0.0.3003
Was this reply relevant?
+0
-0
This user no longer exists RE: Chrome Problem
Member 2nd May, 2011 09:09
Hi,

We corrected a minor issue with our version rules. If you run a full rescan, the proper security status should be shown.

hope this helps.
Was this reply relevant?
+0
-0
Digerati RE: Chrome Problem
Member 2nd May, 2011 14:26
Score: 30
Posts: 11
User Since: 26th Nov 2008
System Score: N/A
Location: US
@Emil - Thanks for the update. After deleting my Chrome ignore rule and rescanning, I can confirm the proper security status is reflected for Chrome. :)

@Anthony Well - Thanks and I understand there was no security risk - this time - but that is simply because this time, the latest .60 release was not to correct a security issue. But we had no way of knowing that, unless we dug around Google and found the changelog. IMO, manually digging around and researching the applications PSI is supposed to be monitoring defeats the purpose of PSI.

Also, I'm not buying the "FREE" excuse. I am not looking for tech support 24/7 with free programs. In fact, I accept that many companies do not provide any tech support with their free versions and I don't have a problem with that - that's what forums are for. But "FREE" is not an excuse for not keeping a "security" program designed to keep us updated, updated.
Was this reply relevant?
+2
-0
This user no longer exists RE: Chrome Problem
Member 2nd May, 2011 14:47
Hi,

In this case nobody would, at any time, have seen an insecure version being flagged as secure.

The problem only resulted in secure versions being shown as insecure, and as such nobody was put at risk.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+