Skip to main content

We are excited about recent updates that make Chrome on macOS easier to deploy and manage. Our work with the Google Chrome for Enterprise Team is ongoing, and this first release benefits not only Jamf Pro admins, but everyone who manages Mac at scale. Look for more information in the form of a blog, but here are the highlights:



Updates to the installer - Chrome is now available as a PKG in addition to the standard DMG. This is the preferred installer format for mass distribution, and is available from the Chrome Browser Enterprise Installers website.



Initial Support for Application & Custom Settings - Chrome Browser Cloud Management (CBCM) is a a single location to set Chrome policies on multiple platforms. Google simplified the process of deploying the enrollment token by leveraging Jamf's new Application & Custom Settings payload.



This work comes from user feedback and @alexbauer from the Chrome for Enterprise Team is joining this thread to hear your thoughts!



Chrome Enterprise Browser Support can be reached here.



Update 6/11/2020 - The Chrome for Enterprise Team has published a new kBase on Managing Chrome Browser Updates with Jamf Pro (macOS)

@alexbauer Thanks for the link to the Universal package! The regular Chrome download site still has the choices. Now if you could just add the version number to the package file name it would be perfect.

 

Soo many "googlechrome.dmg" files laying around.  😉


HAHA! I think this was done on purpose to allow automation etc. Our stance is that you should only have to do this once and then control updates and version via policy.


You can try this: https://support.google.com/chrome/a/answer/9915669?hl=en


I've been using this reliably for about a year, but after seeing @alexbauer's reply, I'll likely update it soon to use the PKG instead. Until then:

ISCHROME=`ls /Applications | grep -i Google\\ Chrome`

if [ "$ISCHROME" = "Google Chrome.app" ]; then
echo "Chrome already present. Moving on."
exit 0
else
CPUTYPE=`sysctl -n machdep.cpu.brand_string | awk -F " " '{print $1}'`

cd /Users/Shared

if [ "$CPUTYPE" = "Intel(R)" ]; then
echo "Installing Google Chrome for Intel"
curl -O https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg
else
echo "Installing Google Chrome for Apple Silicon"
curl -O https://dl.google.com/chrome/mac/universal/stable/GGRO/googlechrome.dmg
fi
CHROMEATTACH=`ls googlechrome*`
echo $CHROMEATTACH
hdiutil attach $CHROMEATTACH -nobrowse -quiet

cp -r /Volumes/Google\\ Chrome/Google\\ Chrome.app /Applications/
hdiutil detach /Volumes/Google\\ Chrome

rm -rf $CHROMEATTACH
exit 0
fi


I've been using this reliably for about a year, but after seeing @alexbauer's reply, I'll likely update it soon to use the PKG instead. Until then:

ISCHROME=`ls /Applications | grep -i Google\\ Chrome`

if [ "$ISCHROME" = "Google Chrome.app" ]; then
echo "Chrome already present. Moving on."
exit 0
else
CPUTYPE=`sysctl -n machdep.cpu.brand_string | awk -F " " '{print $1}'`

cd /Users/Shared

if [ "$CPUTYPE" = "Intel(R)" ]; then
echo "Installing Google Chrome for Intel"
curl -O https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg
else
echo "Installing Google Chrome for Apple Silicon"
curl -O https://dl.google.com/chrome/mac/universal/stable/GGRO/googlechrome.dmg
fi
CHROMEATTACH=`ls googlechrome*`
echo $CHROMEATTACH
hdiutil attach $CHROMEATTACH -nobrowse -quiet

cp -r /Volumes/Google\\ Chrome/Google\\ Chrome.app /Applications/
hdiutil detach /Volumes/Google\\ Chrome

rm -rf $CHROMEATTACH
exit 0
fi


Yea, we really do not recommend the DMG to anyone to use. It causes a lot of problems with the updater component of Chrome and so the PKG is our preferred deployment method.


I've been using this reliably for about a year, but after seeing @alexbauer's reply, I'll likely update it soon to use the PKG instead. Until then:

ISCHROME=`ls /Applications | grep -i Google\\ Chrome`

if [ "$ISCHROME" = "Google Chrome.app" ]; then
echo "Chrome already present. Moving on."
exit 0
else
CPUTYPE=`sysctl -n machdep.cpu.brand_string | awk -F " " '{print $1}'`

cd /Users/Shared

if [ "$CPUTYPE" = "Intel(R)" ]; then
echo "Installing Google Chrome for Intel"
curl -O https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg
else
echo "Installing Google Chrome for Apple Silicon"
curl -O https://dl.google.com/chrome/mac/universal/stable/GGRO/googlechrome.dmg
fi
CHROMEATTACH=`ls googlechrome*`
echo $CHROMEATTACH
hdiutil attach $CHROMEATTACH -nobrowse -quiet

cp -r /Volumes/Google\\ Chrome/Google\\ Chrome.app /Applications/
hdiutil detach /Volumes/Google\\ Chrome

rm -rf $CHROMEATTACH
exit 0
fi


Found this and it has been working for me, thanks tho! 

#!/bin/sh
pkgfile="GoogleChrome.pkg"
logfile="/Library/Logs/GoogleChromeInstallScript.log"
url='https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg'

/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${pkgfile} ${url}
/bin/echo "`date`: Installing..." >> ${logfile}
cd /tmp
/usr/sbin/installer -pkg GoogleChrome.pkg -target /
/bin/sleep 5
/bin/echo "`date`: Deleting package installer." >> ${logfile}
/bin/rm /tmp/"${pkgfile}"

exit 0


Found this and it has been working for me, thanks tho! 

#!/bin/sh
pkgfile="GoogleChrome.pkg"
logfile="/Library/Logs/GoogleChromeInstallScript.log"
url='https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg'

/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${pkgfile} ${url}
/bin/echo "`date`: Installing..." >> ${logfile}
cd /tmp
/usr/sbin/installer -pkg GoogleChrome.pkg -target /
/bin/sleep 5
/bin/echo "`date`: Deleting package installer." >> ${logfile}
/bin/rm /tmp/"${pkgfile}"

exit 0


Assuming chrome/mac/universal/stable/gcem/GoogleChrome.pkg link will install the correct version for Intel, as well as M1?


Assuming chrome/mac/universal/stable/gcem/GoogleChrome.pkg link will install the correct version for Intel, as well as M1?



@nwebster wrote:

Assuming chrome/mac/universal/stable/gcem/GoogleChrome.pkg link will install the correct version for Intel, as well as M1?


yes, this will install a universal binary version of chrome and it will auto select ARM vs x86 after multiple tests.


@bcbackes sorry for the late reply. please go ahead and open a CRbug (https://bugs.chromium.org/p/chromium/issues/list) and link it here and I will make sure someone from our enterprise team looks into it. In the second step, please make sure to tag enterprise as the issue. Add as much detail as you can, screenshots etc.



@JarvisUno the PKG includes the latest version of Chrome at download time. It does not pull the latest version during installation. Chrome should auto update to the latest version as soon as it starts anyway. I will put in a request to have an online version of the installer with a PKG format. We usually offer offline installers for enterprises.



Has anyone had any luck in disabling QUIC protocol in Google Chrome through the config profile? Setting QuicAllowed boolean to false in the config profile still shows as default in chrome://flags#enable-quic in the browser.


Hello, I would like to create a Smart Group in Jamf to filter between machines having Chrome Enterprise and regular Chrome installed? Is there a way to distinguish between the 2?


@beareye321You may be able to scope your Smart Group to the config profile that you use to enroll your Enterprise target machines with.


Found this and it has been working for me, thanks tho! 

#!/bin/sh
pkgfile="GoogleChrome.pkg"
logfile="/Library/Logs/GoogleChromeInstallScript.log"
url='https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg'

/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${pkgfile} ${url}
/bin/echo "`date`: Installing..." >> ${logfile}
cd /tmp
/usr/sbin/installer -pkg GoogleChrome.pkg -target /
/bin/sleep 5
/bin/echo "`date`: Deleting package installer." >> ${logfile}
/bin/rm /tmp/"${pkgfile}"

exit 0


Hi, did you ever run into problems updating Chrome? Like Error 11 or some other errors like the one below? Thanks

 

Error details:

KSTempDirectoryAdditions failed to create temp directory. [com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied dNSPOSIXErrorDomain:13])
KSTempDirectoryAdditions failed to create temp directory. .com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied iNSPOSIXErrorDomain:13])
KSServerUpdateRequest fetch failed. KSOutOfProcessFetcher could not create download temp location.

 


Yea, we really do not recommend the DMG to anyone to use. It causes a lot of problems with the updater component of Chrome and so the PKG is our preferred deployment method.


Hi Alex, what if you need to install Chrome Enterprise package on top of an existing regular Chrome installation (.dmg). I noticed I have a lot of issues updating Chrome in this scenario. Any ideas? I already reinstall Google Software Updater but I constantly run in Error 11 problem (Updates are disabled or 

KSTempDirectoryAdditions failed to create temp directory. [com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied dNSPOSIXErrorDomain:13])
KSTempDirectoryAdditions failed to create temp directory. .com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied iNSPOSIXErrorDomain:13])
KSServerUpdateRequest fetch failed. KSOutOfProcessFetcher could not create download temp location.

Thanks


Hi Alex, what if you need to install Chrome Enterprise package on top of an existing regular Chrome installation (.dmg). I noticed I have a lot of issues updating Chrome in this scenario. Any ideas? I already reinstall Google Software Updater but I constantly run in Error 11 problem (Updates are disabled or 

KSTempDirectoryAdditions failed to create temp directory. [com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied dNSPOSIXErrorDomain:13])
KSTempDirectoryAdditions failed to create temp directory. .com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied iNSPOSIXErrorDomain:13])
KSServerUpdateRequest fetch failed. KSOutOfProcessFetcher could not create download temp location.

Thanks


Just use the PKG to deploy over and you are good to go.

Error 11 means that you have set a policy to disable keystone updates for Chrome.


Just use the PKG to deploy over and you are good to go.

Error 11 means that you have set a policy to disable keystone updates for Chrome.


I am not sure where I could've set that.. I use one Configuration Profile in Jamf

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>updatePolicies</key>
<dict>
<key>global</key>
<dict>
<key>UpdateDefault</key>
<integer>0</integer>
</dict>
<key>com.google.Chrome</key>
<dict>
<key>UpdateDefault</key>
<integer>0</integer>
<key>TargetVersionPrefix</key>
<string/>
<key>RollbackToTargetVersion</key>
<string/>
<key>TargetChannel</key>
<string>stable</string>
</dict>
</dict>
</dict>
</plist>

And in the Google Admin Console > Devices > Chrome > Settings > Users & Browsers -- I have set Chrome Browser Updates - Automatic Updates Only & Component Updates - Enable Updates for all components.

I tried to reinstall Chrome Ent. package but I still hit the same problem.. 😞 

Update failed (error: 11)

Error details:

KSTempDirectoryAdditions failed to create temp directory. [com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied dNSPOSIXErrorDomain:13])
KSTempDirectoryAdditions failed to create temp directory. .com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied iNSPOSIXErrorDomain:13])
KSServerUpdateRequest fetch failed. KSOutOfProcessFetcher could not create download temp location.
Updates are disabled.

Under /Volumes I have these 2 folders (probably after reinstalling Google Software Update right?)
drwxr-xr-x 7 myuser staff 306B Jul 2 2016 GoogleSoftwareUpdate-1.2.5.1203
drwxr-xr-x 6 myuser staff 272B Jul 10 04:09 GoogleSoftwareUpdate-1.3.16.180
lrwxr-xr-x 1 root wheel 1B Oct 29 17:21 Macintosh -> /


Hi, did you ever run into problems updating Chrome? Like Error 11 or some other errors like the one below? Thanks

 

Error details:

KSTempDirectoryAdditions failed to create temp directory. [com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied dNSPOSIXErrorDomain:13])
KSTempDirectoryAdditions failed to create temp directory. .com.google.UpdateEngine.CommonErrorDomain:54 - '/tmp/KSOutOfProcessFetcher.XXXXXXXXXX' - 'NSFileManager+TempDirectory.m:126'] (The operation couldn’t be completed. Permission denied iNSPOSIXErrorDomain:13])
KSServerUpdateRequest fetch failed. KSOutOfProcessFetcher could not create download temp location.

 


I was able to solve this by using chown 

sudo chown myuser:mygroup /private/tmp/com.google.Keystone

But I am still getting 

 

Update failed (error: 11)

Error details:

Updates are disabled.

Just use the PKG to deploy over and you are good to go.

Error 11 means that you have set a policy to disable keystone updates for Chrome.


I was able to solve this by using chown 

sudo chown myuser:mygroup /private/tmp/com.google.Keystone

But I am still getting 

 

Update failed (error: 11)

Error details:

Updates are disabled.

I was able to solve this by using chown 

sudo chown myuser:mygroup /private/tmp/com.google.Keystone

But I am still getting 

 

Update failed (error: 11)

Error details:

Updates are disabled.

I was able to solve this by removing folder

~/Library/Google/GoogleSoftwareUpdate

/Library/Google/GoogleSoftwareUpdate

Reintalling the Chrome Enterprise package and reinstalling Google Software Update from here https://support.google.com/chrome/answer/111996?hl=en


Is there an update to this process? I ask because the last few new deployments that I have done (essentially using the update script to install Chrome)...all the browsers display an error stating that the software needs to update. When you click on update, it states that the file is corrupted and you need to reinstall. These are on Monterey machines.


Is there an update to this process? I ask because the last few new deployments that I have done (essentially using the update script to install Chrome)...all the browsers display an error stating that the software needs to update. When you click on update, it states that the file is corrupted and you need to reinstall. These are on Monterey machines.


I'm still using the following script to 100% success on any macOS device I've tried so far. 

#!/bin/sh

logfile="/Library/Logs/JamfScripts.log"
ISCHROME=`ls /Applications | grep -i Google\\ Chrome`

if [ "$ISCHROME" = "Google Chrome.app" ]; then
echo `date "+%y/%m/%d %H:%M:%S: "`"Chrome already present. Moving on.\\n" | tee -a ${logfile}
exit 0
else

pkgfile="GoogleChrome.pkg"
url='https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg'

echo `date "+%y/%m/%d %H:%M:%S: "`"Downloading latest version of Google Chrome." | tee -a ${logfile}
curl -s -o /tmp/${pkgfile} ${url}

echo `date "+%y/%m/%d %H:%M:%S: "`"Installing Google Chrome." | tee -a ${logfile}
cd /tmp
installer -pkg GoogleChrome.pkg -target /
sleep 5

echo `date "+%y/%m/%d %H:%M:%S: "`"Cleaning up.\\n" | tee -a ${logfile}
rm /tmp/"${pkgfile}"
exit 0
fi

I'm still using the following script to 100% success on any macOS device I've tried so far. 

#!/bin/sh

logfile="/Library/Logs/JamfScripts.log"
ISCHROME=`ls /Applications | grep -i Google\\ Chrome`

if [ "$ISCHROME" = "Google Chrome.app" ]; then
echo `date "+%y/%m/%d %H:%M:%S: "`"Chrome already present. Moving on.\\n" | tee -a ${logfile}
exit 0
else

pkgfile="GoogleChrome.pkg"
url='https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg'

echo `date "+%y/%m/%d %H:%M:%S: "`"Downloading latest version of Google Chrome." | tee -a ${logfile}
curl -s -o /tmp/${pkgfile} ${url}

echo `date "+%y/%m/%d %H:%M:%S: "`"Installing Google Chrome." | tee -a ${logfile}
cd /tmp
installer -pkg GoogleChrome.pkg -target /
sleep 5

echo `date "+%y/%m/%d %H:%M:%S: "`"Cleaning up.\\n" | tee -a ${logfile}
rm /tmp/"${pkgfile}"
exit 0
fi

That is the essentially the same script I am using. I have about 150 computers that have issues with Chrome.


That is the essentially the same script I am using. I have about 150 computers that have issues with Chrome.


Are you getting any errors in jamf.log during the install process, or is it acting as if it completed? Whats your install policy look like other than the script?


Are you getting any errors in jamf.log during the install process, or is it acting as if it completed? Whats your install policy look like other than the script?


It installs fine. It has been working for years... I am thinking that maybe Google has a broken package hosted at the moment.


It installs fine. It has been working for years... I am thinking that maybe Google has a broken package hosted at the moment.


It's possible. You can always download the PKG from https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg and try running it on a fresh install to see if the issue persists. If so, may want to take it to Google Support. I personally haven't had an issue yet, but I also haven't deployed any new machines since Chrome v101+


It's possible. You can always download the PKG from https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg and try running it on a fresh install to see if the issue persists. If so, may want to take it to Google Support. I personally haven't had an issue yet, but I also haven't deployed any new machines since Chrome v101+


This worked. Seems something is failing when Jamf runs the script vs. me manually running the script. The Jamf log makes it look like things finished properly, when in fact, they didn't.


This worked. Seems something is failing when Jamf runs the script vs. me manually running the script. The Jamf log makes it look like things finished properly, when in fact, they didn't.


Maybe a difference with Jamf running it as Root?


This worked. Seems something is failing when Jamf runs the script vs. me manually running the script. The Jamf log makes it look like things finished properly, when in fact, they didn't.


Not sure if this helps but you need to accept the terms when installing Chrome Enterprise so the URL should look like this:

url='https://dl.google.com/chrome/mac/stable/accept_tos%3Dhttps%253A%252F%252Fwww.google.com%252Fintl%252Fen_ph%252Fchrome%252Fterms%252F%26_and_accept_tos%3Dhttps%253A%252F%252Fpolicies.google.com%252Fterms/googlechrome.pkg'

https://support.google.com/chrome/a/answer/9915669?hl=en&ref_topic=9026943


Reply