Forum Thread: patches

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

Relating to this vendor:
And, this specific program:
Google Chrome 4.x

This thread has been marked as locked.
vascoz patches
Member 29th Apr, 2010 00:54
Ranking: 0
Posts: 1
User Since: 28th Apr, 2010
System Score: N/A
Location: N/A
I have applied the solution to Google Chrome 4.x but the threat is still showing on the list despite a rescan. Does anyone know if the patch has worked? Or is it just a PSI scanning problem?

M.Hansen RE: patches
Secunia Official 29th Apr, 2010 08:24
Score: 193
Posts: 424
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK

Try to look at the file path for the insecure version of Chrome (Advanced Interface in the PSI)
Chrome will in most cases keep the former version alongside with the newest version in the Chrome installation folder. (Due to the way it silently update itself)

There should be 2 folders in the Chrome installation folder, on with the current version number and one with and older version number.
TiMow RE: patches
Dedicated Contributor 29th Apr, 2010 08:46
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 29th Apr, 2010 09:35
Hi vascoz

A common problem when updating Chrome, is that the new version creates a new file and still leaves the old insecure file, which PSI reports. This old file needs to be manually removed.

You need to use PSI on the Advanced mode interface - click "Advanced" on top right of PSI window, then "OK". Along the top is a series of tabs.

Firstly, to check if Chrome is correctly updated/patched, go to the tab "Patched" and click - here is a list of all your patched programs.

Scroll down to Google Chrome 4.x, and for the version number, you should see ** - which is the latest up to date version. You may also see a second Chrome entry, version number - this is the old insecure file that needs to be deleted.

Now click the tab "Insecure" (red lettering, when there's a problem). The old Chrome file should be listed here. On its left is "[+]" - click on this to reveal toolbox icons, then find "Open Folder" and click this.

This takes you to the location of the old Chrome file. You should see both the up to date version no. (....1059) and the old version no. (....1045). Make sure the old version no. is highlighted, right click, then delete.

This now goes to recycle bin, where you probably need to further delete it (as PSI also reports its contents). Reboot your PC and full re-scan PSI - this should now resolve this problem.

If your require further assistance, then post back here.


EDIT: I'm a slow typist - M. Hansen's reply beat mine - the info is the same; I've just given a bit more detail.

** I've just noticed that Chrome has run a silent install and version is now the latest, (as of 28 April 2010, 16:38:32 - installation on my PC), but this is not picked up by PSI, until I run a scan, to check if v. ....1059 is now insecure or not.

EDIT 2: Just run a scan v. ....1059 is insecure and needs to be removed (when I deleted mine, PSI picked up the change without reboot or re-scan); just to clarify - is latest, patched version - all older versions need to be deleted, as described above.

Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
njvann RE: patches
Member 30th Apr, 2010 02:30
Score: 0
Posts: 1
User Since: 29th Apr 2010
System Score: N/A
Location: AU
Thanks guys its now done. Really appreciate TiMow's step by step instructions as not being a computer expert they were easy to follow.
Was this reply relevant?

This thread has been marked as locked.