Disable Chrome Updates

I use the Restricted Software option in the JSS to disable Google Chrome being able to update.
Process Name: GoogleSoftwareUpdateAgent.app
Check ; Restrict exact process name Kill process

Users going to About Google Chrome will see the following:

@SirSir that is brilliant. I'm going to copy that method - will look way nicer to my end users.

Thanks!

Go like a pro!

Which registry key did you use to stop chrome auto updates? I want to disable chrome updates on windows pc, but i have never found the right way to do it

@SirSir Your way definitely works. Tested and confirmed. Thanks!

I did find another supported method from Google that they seem to hide for whatever reason. This way is done with a configuration profile. Just figured I'd throw out another option for people that might want an alternative method.

https://support.google.com/chrome/a/answer/7591084?hl=en

Setting your UpdateDefault integer in the com.google.Keystone.plist to 3 results in the following. It's not the prettiest, but it works.

@kburns we tested that and it works fine, the added plus is it is supported by Google (or whatever the heck they call themselves now).

link to the google docs anyway... https://www.jamf.com/jamf-nation/discussions/28055/disable-chrome-updates

@kburns & @donmontalvo

I'm struggling to get this working as I have followed the Google Article with NO success.

Would you be so kind to share how y'all got it to work or even share your CF??

Thanks!!

Hi all,

I use this script to kill the keystone. I just add this as a script to run AFTER install of Chrome pkg.

#!/bin/sh

rm /Applications/Google Chrome.app/Contents/Versions/*/Google Chrome Framework.framework/Versions/A/Frameworks/KeystoneRegistration.framework/KeystoneRegistration

exit 0

@kburns & @donmontalvo - I'm struggling to get this to work with a CF, would you mind sharing more info or the CF itself?

here is my profile

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <dict> <key>com.google.Keystone</key> <dict> <key>Forced</key> <array> <dict> <key>mcx_preference_settings</key> <dict> <key>updatePolicies</key> <dict> <key>com.google.Chrome</key> <dict> <key>TargetVersionPrefix</key> <string>70.</string> <key>UpdateDefault</key> <integer>3</integer> </dict> <key>com.google.Chrome.canary</key> <dict> <key>UpdateDefault</key> <integer>2</integer> </dict> <key>global</key> <dict> <key>DownloadPreference</key> <string>cacheable</string> <key>UpdateDefault</key> <integer>3</integer> </dict> </dict> </dict> </dict> </array> </dict> </dict> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>MCXToProfile.11822e9e-d7be-47a4-9a07-dba52417ba56.GoogleSoftwareUpdate.9092f47f-b06a-43de-b137-d157f1996441</string> <key>PayloadType</key> <string>com.apple.ManagedClient.preferences</string> <key>PayloadUUID</key> <string>9092f47f-b06a-43de-b137-d157f1996441</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string>Included custom settings:com.google.Keystone</string> <key>PayloadDisplayName</key> <string>Google Chrome Update Policies</string> <key>PayloadIdentifier</key> <string>com.google.Keystone</string> <key>PayloadOrganization</key> <string></string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>11822e9e-d7be-47a4-9a07-dba52417ba56</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>

@SirSir Have you still had luck with this method? I recently tried it in my environment and it appeared to work great for about a week or so and now they are all going back to auto-update.

EDIT: Actually to clarify, as I seem to have jumped the gun, some of the machines are reverting back to auto-update. So far I have seen it on two 10.12 and two 10.13 machines. A couple of my VM's still have auto-update disabled, but I think they may end up getting enabled as well...I wonder if Google is forcing it to re-activate somehow.

Chrome just moved the location of the KeystoneRegistration.framework directory with 75.0.3770.90.

It is no longer here:
/Applications/Google Chrome.app/Contents/Versions/"$ChromeVersion"/Google Chrome Framework.framework

They stuck it here:
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/"$ChromeVersion"/Frameworks/KeystoneRegistration.framework

I'm assuming with each update they will add a versioned directory like before, so the script I use will still work.

This is the script I add to the package we use to install Chrome. No editing required, it will work with each new version (until Google changes this file structure again)

#!/bin/sh

ChromeVersion=$(/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --version | awk '{print $3}')
sudo rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/"$ChromeVersion"/Frameworks/KeystoneRegistration.framework

The Chrome for Enterprise Team has published a new kBase on Managing Chrome Browser Updates with Jamf Pro (macOS). This takes advantage of Jamf's Application and Custom Settings Payload.