How Google's Chrome browser does updates
- 17 July, 2017 19:55
Chrome has been the world's most popular browser for more than a year now, convincing first individuals and then enterprises that it was the best replacement for Microsoft's once-leading Internet Explorer.
But Google's browser has not been without its critics. Among the sticking points has been Chrome's automatic updating mechanism, which some decried for force-feeding unwanted changes, or for delivering those changes at speeds too quickly for customers to absorb.
We've dug into Chrome's updates, from their frequency and schedule to how to manage them as an individual or as an IT professional. Here's what we found.
Automatic updates, or manual trigger
Chrome updates itself in the background -- and has done so since it debuted nearly nine years ago -- so most users need do nothing but relaunch the browser once in a while.
The browser periodically checks for updates; Google's own documentation, which is often left long out of date on the firm's site, says in one place it does so every 23 hours and 20 minutes. When Chrome does detect an available update, it downloads the new code and preps it for installation, although that latter step doesn't begin until the user starts or restarts the browser.
But not every copy of Chrome receives an update as soon as Google issues one. Instead, the company spreads out the distribution over days, or sometimes even weeks.
To manually trigger an update -- to get the security fixes pronto when news of active attacks circulate, say -- users simply select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right. The ensuing page either reports "Google Chrome is up to date" or displays the updating process before presenting a "Relaunch" button.
How to know when Google will next update Chrome
Google issues a new version of Chrome approximately every six weeks, although so far this year the average time between releases has been 47 days, or closer to seven weeks.
The company does not keep to a set schedule -- as does, for example, Mozilla with its Firefox -- nor does Google do much to trumpet each release. Officially, Google recommends that users frequent this blog to track just-issued updates, including the security-only fixes that pop up at irregular intervals between each polished edition's arrival.
Unofficially, users can view Chrome's estimated release schedule here, to get an idea of when the next version will be distributed. "These dates are subject to change without advance notice and provided here only for rough planning purposes," Google's Chromium team states there.
Chrome 59 should update to Chrome 60 shortly, during the week of July 23-29. Future updates in 2017 should appear the weeks of Sept. 3-9, Oct. 15-21, and Dec. 3-9.
For the individual: How to disrupt Chrome updates
Although there have been numerous Internet-posted instruction sets that purport to show individuals how to shut down Chrome's automatic updates, those efforts are mostly misguided, and in some cases, ultimately futile.
They're misguided because the goal of all auto-updating is a sterling one: More secure browsing and a lessened chance of malware hijacking the application and planting itself on a PC. Removing the responsibility for updates, particularly security updates, from the user has been a decades-long theme in software for a good reason, as it results in a higher percentage of up-to-date devices. (This spring's WannaCry attacks starkly illustrated the differences between quickly-patched and unpatched Windows systems.)
They're futile because Chrome's updating mechanism cannot be permanently switched off without the business infrastructure of Active Directory. "To prevent abuse of this policy, if a device is not joined to an Active Directory domain, and if this policy has been set to 0 or to a value greater than 77 hours, this setting will not be honored and replaced by 77 hours after August 2014," a Chrome support document reads, referring to a group policy that allows enterprise IT staffers to disable the feature.
In plainer English, that means attempts to turn off auto updates, including by setting a Windows Registry key -- a cornerstone of many of the techniques available on the web -- will fail as the time between update checks reverts to 77 hours, or about 3.2 days.
Individuals can disrupt automatic updates on Windows PCs, however, by nixing the executable the browser relies on for its connection to Google's servers. The simplest way is to locate the file GoogleUpdate.exe -- it should be in the folder C:\Program Files (x86)\Google\Update -- and rename it. Any new name will do, say, GoogleUpdate_disabled.exe.
After restarting Chrome, any attempt, whether automatic on the part of the browser or manual by the user, will fail.
To later update Chrome, the executable's name must be restored to GoogleUpdate.exe.
For IT: How to manage Chrome updates
Centrally-managed copies of Chrome do not update from a central location or console controlled by IT (as do, for example, Windows and its Internet Explorer (IE) and Edge browsers in most organizations). Instead, they are, like Chrome run by individuals, updated at Google's inclination and timetable.
But Chrome does support a number of Windows group policies that can be managed -- as are, probably, hosts of others -- by IT. They include policies for shutting down the automatic updates and for lengthening the time between update checks.
Google provides the necessary tools as part of an "enterprise bundle" it rolled out in late May. Those tools include templates for applying group policies to Chrome -- in both .adm and the newer .admx formats -- that administrators may use to manage individual system's Chrome browsers, or the entire company's fleet.
Among the policies are those that let admins disable all updates, barring automatic and manual updates from occurring; and override the default time between update checks, shortening them to as little as an hour or extending them to as much as 30 days.
Because Chrome management relies on group policies, Active Directory is required.
Where to obtain .msi packages for Chrome
After turning off Google's updates, IT must distribute its own -- on its schedule -- using a .msi installation package. That package can be deployed with the organization's standard deployment tools, including Microsoft's own SCCM (System Center Configuration Manager).
The .msi installation packages for the current version of Chrome for Windows are available from Google's website.
More information about Chrome updates
The Chrome Deployment Guide will be of great help to enterprise admins responsible for managing the browser. The guide can be downloaded from Google's site.
Did you know?
Chrome subtly tells its user when an update is pending but has not yet been applied by coloring the vertical ellipsis icon in the upper right of the browser window.
Green: An update has been available for two days Orange: Update available for four days Red: Update has been available for seven or more days