Google Chrome leaves old versions behind when updated?

So I fire up Secunia on a PC today, and this alert appears:

image

 

But the user seems to be running the latest version:

image

 

Only one version appears in add/remove programs:

image

 

image

 

 

The extra folder, 3.0.195.38, is over 66 megabytes in size, and almost identical in content to 4.0.249.78.

 

Questions:

Can the folder 3.0.195.38 be deleted safely?

Can the bad guys use the contents of the old folder 3.0.195.38 to leverage security vulnerabilities, similar to the bad old days of Sun Java, when Java would be updated but old, vulnerable, versions of the application would be left behind which could be accessed by the bad guys and any security vulnerabilities leveraged?  There are various DLLs, a SETUP.EXE, and quite a few JS files in the old folder.

 

I’ll see what I can do about getting those questions answered.

Published Mon, Feb 8 2010 9:06 by sandi
Filed under:

Comments

# re: Google Chrome leaves old versions behind when updated?

Sunday, February 07, 2010 10:21 PM by mb

Yes, it can be deleted.

No, it does not pose a security threat (the .dlls have been unregistered)

# re: Google Chrome leaves old versions behind when updated?

Sunday, February 07, 2010 11:21 PM by par

The point of keeping one old version there is so that if Chrome updates while you are using it nothing bad will happen. It will go away after the next update or you can delete it manually without any harm.

# re: Google Chrome leaves old versions behind when updated?

Monday, February 08, 2010 5:50 AM by Larry Seltzer

Looks like the current and previous version, as par said probably for fallback.

My concern about Chrome installations is that it's all user-writeable. Malware running in standard user can modify or even delete your Chrome installation.

# re: Google Chrome leaves old versions behind when updated?

Monday, February 08, 2010 5:52 AM by Larry Seltzer

BTW, I keep forgetting, but the user directory issue has me wondering about Terminal Servers. Is there a way to install Chrome in the All Users profile, or something like that? Otherwise on any multi-user box everyone has to have their own installation of Chrome and update it separately.