Secunia and old Google Chrome versions

Topic

New Reply

When Chrome installs updates it retains (just one?) previous version of the program. When the update is for a security patch, Secunia’s PSI complains about the presence of this old, insecure version of the application being on my system. This used to happen with Java as well, but in that case there was an entry for in the “Programs and Features” Control Panel for each version that allowed the old versions to be uninstalled. That is not the case for Chrome.

I have just been deleting the directory containing the old version of Chrome. Is there a better option? Is there any reason or any risk in leaving it lying around?

Reply | Quote

Replies

When Chrome installs updates it retains (just one?) previous version of the program. When the update is for a security patch, Secunia’s PSI complains about the presence of this old, insecure version of the application being on my system. This used to happen with Java as well, but in that case there was an entry for in the “Programs and Features” Control Panel for each version that allowed the old versions to be uninstalled. That is not the case for Chrome.

I have just been deleting the directory containing the old version of Chrome. Is there a better option? Is there any reason or any risk in leaving it lying around?

Use a browser that cleans up after udpates?

Seriously, you are at the mercy of Google with Chrome. Whatever they decide to do you are stuck with.

Joe

--Joe

Reply | Quote

I’d uninstal any previous versions of software that Secunia complains about, especially Java.
Even if that means uninstalling all of Chrome and reinstalling the latest version.
As for browser security patches, Secunia should be reporting it as patched, unless it’s version upgrade.
Same with security patches, these should be reconciled by Secunia as patched. Poorly coded
software keeps insecure tid bits lying around.

Reply | Quote

When Chrome installs updates it retains (just one?) previous version of the program. When the update is for a security patch, Secunia’s PSI complains about the presence of this old, insecure version of the application being on my system.

I’d raise this issue with Google. Perhaps they haven’t thought about it, or perhaps they can assure you that the vulnerable version is non-executable and completely safe.

Reply | Quote

It is probably best to uninstall. Before you do this you might want to save your preverences. Not sure what your OS is but in vista these preferences are stored in C:UsersUsersNameAppDataLocalGoogleChromeUser Data. I think in XP it is in C:Documents and Settings[your name]Local SettingsApplication DataChromiumUser Data. I am not sure about Windows 7 but am guessing you can find it. Backup the entire User Data directory

Now uninstall Chrome and reinstall the new version. You can then restore the backup you made of User Data.

If for some reason the uninstall leaves remnants of your old version, use a good uninstaller such as revo( its free ) and it will allow you to safely do some additional cleanup after it runs the vendor provided uninstall.

Reply | Quote

Uninstalling and reinstalling is the ultimate way to update Chrome and the Secunia data base but if you close down chrome and then delete the exe or dll file Secunia will be happy. But make sure that you have done it for all user accounts if there are muliple instances of the s/w.
/G

Reply | Quote

Uninstalling and reinstalling is the ultimate way to update Chrome and the Secunia data base but if you close down chrome and then delete the exe or dll file Secunia will be happy. But make sure that you have done it for all user accounts if there are muliple instances of the s/w.
/G

Good point. Chrome, unlike many other browsers, does install on a per-user basis, with independent processes for each user, and even for each tab you open. Update or uninstall for each user.

-- rc primak

Reply | Quote

Thanks. Uninstall and not reinstall seems like the easiest way to keep from running into this error.

Reply | Quote

Thanks. Uninstall and not reinstall seems like the easiest way to keep from running into this error.

yup…I have queried Google several times about their poor installation – with no answer and no change in behaviour. I don’t use it at all on my Ubuntu box, and only use it on my windows machine if FF is lagging on a vulnerability (and chrome is currently secure of course).
I usually just delete the offending directory, and then run jv16 powertools to clean up any registry errors. the process of saving profiles and un/re-installing is not worth the work with so many other browsers available (FF, Opera – even IE ). As the home-based tech support – with multiple users on multiple machines…it just isn’t worth my time.

Reply | Quote

Rather than going through a whole “uninstall/reinstall” I use the “Open Folder” option in Secunia to find and then just delete the offending file. I hard delete it (Shift-delete) so it doesn’t even go in to the recycling bin.

Note that I’m using the Advanced Interface of Secunia.

ed

Reply | Quote