We can't get it to work either. Either the documentation is outdated, or something with the latest version(s) of Google Chrome changed.

Download the following script:
https://github.com/hjuutilainen/adminscripts/blob/master/chrome-enable-autoupdates.py

After a Chrome.app installation in a policy run the above script.

Done.

@marklamont has the right link. The tricky part is some of the files and the permissions on them.

Would it be as simple as this?

chown -R $currentUser "/Applications/Google Chrome.app"

I use a combination of the chrome-enable-autoupdates.py script above to first make sure the Chrome updater is working, then I force the Chrome updater to run using this script:

#!/bin/sh
## Script name:     run_chrome_updater.sh
## Author:          Andy McPherson
## Last modified:   1/31/18

## Logged in user
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )

echo "$loggedInUser"

sudo -u "$loggedInUser" /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode oneshot -userInitiated YES 2> /dev/null

exit 0

I then added a "sleep 30" before running a recon which seems to give it enough time to actually run the updater and install the new version.

The best part is, this runs silently in the background! Technically the user probably needs to quit and relaunch Chrome to begin using the new version, but until then, it will show up as the latest version in Patch Reporting.

My Jamf on-board person was awesome and I got him to send me an updated build that will turn auto update on for all users automatically. Just install or make sure Chrome is updated and auto-updates are turned on for your Mac and then this:

Using Composer, package;

/Applications/Google Chrome.app
/Library/Google
/Library/LaunchDaemons/com.google.keystone.daemon.plist
/Library/LaunchAgents/com.google.keystone.agent.plist
/Library/LaunchAgents/com.google.keystone.xpcservice.plist

That should do it.
I had no issues using this method last year, I'm just re-issuing the new version of Chrome for this school year.

Is there an EA to detect if chrome auto update is enabled or not?

You try Chrome browser cloud management

https://cloud.google.com/files/chrome-enterprise/Chrome_Enterprise_Browser_CBCM_Mktg_WP_3.22_final.pdf

https://support.google.com/chrome/a/answer/9116814

There is another similar thread on this here: How to update Chrome automatically

Uses the same script that @ryan.ball created located here: chrome-enable-autoupdates

Thank you @andymcp! That looks like a simple elegant solution.

If I were to run just that one line, how might I verify that it has actually run? I checked ~/Library/Logs/GoogleSoftwareUpdateAgent.log thinking there might be something there, however nothing gets logged there apparently. Should I see a GoogleSoftwareUpdate process show up in Activity Monitor? Is a log kept somewhere else that I'm not thinking of?

@andymcp Does your method still work? I ran into some issues with @ryan.ball method, something about a keystone error. I am considering just re-packaging Chrome and running at login to get us to the latest version.

Thanks for the help,
Jared

@jared_f The script that @andymcp links to does work, but you need to make sure you have downloaded the latest version of the script at https://github.com/hjuutilainen/adminscripts/blob/master/chrome-enable-autoupdates.py as that was updated on 8/5/19 for changes to the keystone registration framework path introduced in newer versions of Chrome.

I've found that this script: https://github.com/ryangball/chrome-enable-autoupdates/blob/master/chrome-enable-autoupdates.sh
is working for me with fresh install of Mojave 10.14.6.
Chrome is currently at version 78
When I select About Chrome, I see Google Chrome is up to date Automatic updates are turned on

along with this scritp to download Chrome:

**#####################################################################################################

# ABOUT THIS PROGRAM

NAME

GoogleChromeInstall.sh -- Installs the latest Google Chrome version

SYNOPSIS

sudo GoogleChromeInstall.sh

########################################################################################

# HISTORY

Version: 1.0

###################################################################################################

Script to download and install Google Chrome.

Only works on Intel systems.

dmgfile="googlechrome.dmg"
volname="Google Chrome"
logfile="/Library/Logs/GoogleChromeInstallScript.log"
url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'

Are we running on Intel?

if [ '/usr/bin/uname -p'="i386" -o '/usr/bin/uname -p'="x86_64" ]; then /bin/echo "--" >> ${logfile} /bin/echo "date: Downloading latest version." >> ${logfile} /usr/bin/curl -s -o /tmp/${dmgfile} ${url} /bin/echo "date: Mounting installer disk image." >> ${logfile} /usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet /bin/echo "date: Installing..." >> ${logfile} ditto -rsrc "/Volumes/${volname}/Google Chrome.app" "/Applications/Google Chrome.app" /bin/sleep 10 /bin/echo "date: Unmounting installer disk image." >> ${logfile} /usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet /bin/sleep 10 /bin/echo "date: Deleting disk image." >> ${logfile} /bin/rm /tmp/"${dmgfile}"
else /bin/echo "date: ERROR: This script is for Intel Macs only." >> ${logfile}
fi
exit 0**

@atomczynski I've been using that same script for quite awhile now, works great. I wish it had a check for the current version installed vs the current version available - and if the versions match then skip the installation.

Iv'e been looking at the script to try to insert this version check, but kinda don't want to bother with it.

This script works well, but how do you whitelist allowing the "GoogleSoftwareUpdate.bundle" app to open without user interaction?:

GoogleSoftwareUpdate.bundle Prompt Screenshot

Would that be a PPPC profile?

I'me having trouble getting this to work. I pushed the script and a configuration profile that allows the Chrome updater in Accessibility but Chrome still would not auto update. On some computers, I get Update Failed (error: 12) KSInstallAction install script failure. Exit Code: 12.

Edit: Nevermind. I got it working. It just took longer for the policies to take than I thought.

I've allowed the team ID for GoogleSoftwareUpdate.bundle but it still prompts me to setup automatic updates and asks for admin credentials. Am I missing something? How can I automatically enable this?

The Chrome for Enterprise Team has published a new kBase on Managing Chrome Browser Updates with Jamf Pro (macOS). This takes advantage of Jamf's Application and Custom Settings Payload and does not rely on a script.

I've moved to using the Chrome policy schema. It works well with Chrome Enterprise. My only issue now is switching everyone over to Chrome Enterprise because it doesn't show autoupdate being enabled on the standard version.

I got so excited about this and then realised it's only for chrome enterprise.....Does Chrome Enterprise have costs associated with it and do I really have to enroll the machines into chrome enterpise to enable auto updates?

@McGinn

I didn't see any cost and I set up a test account and configured it and got the management part working...However auto updated still required the user to sign in the 1st time. I figured it didn't really address the auto update issue.

That said I only tied once and moved on!

C

we use the Chrome Enteprise pkg and config profile and that seems to keep chrome up to date without any other configuration on our end.

@walt Can you explain in detail that Configuration Profile you have for Google Chrome?

What it looks like and whats the difference between Regular Chrome and Enterprise Chrome?

@JarvisUno , I think this is the explanation you are looking for.
https://support.google.com/chrome/a/answer/9923111?hl=en

@jefff Has anyone actually set that up those instructions are great right up until you need to add:

• Version
• Variant
• Preference Domain Properties

Not really sure what to add there would be interested in seeing how others here have this setup.

@JarvisUno Other examples of plists(Google themselves, not a 3rd party) seem to be consistent with 1.0 being the version. The other two are filled in automagically once the version is selected.

Hi all,

Please be aware of this: Today have found that 68 machines in my company got downgraded to version 98.0.4758.102

Downloaded file manually from here 'https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg' and it is 98.0.4758.102, looks like Google staff uploaded wrong version, this is the first time I see it in last three years, since I started using this policy.

Link 'https://dl.google.com/chrome/mac/universal/stable/CHFA/googlechrome.dmg' I use to update M1/M2 devices contains the latest 105.0.5195.52. Testing if the same installer works on Intel, since I see "universal" word.

While an old thread, I thought I would provide some rather undocumented things I've found....

The Chrome for enterprise download doesn't always install the googlesoftwareupdate component...

https://support.google.com/chrome/answer/111996?hl=en#zippy=%2Cmac
Note: Download Chrome Again, Step 3, on Mac... Download and install Google Software Update again.

URL: https://dl.google.com/mac/install/googlesoftwareupdate.dmg

This kinda works like Microsoft MAU .app in which its an app that runs on schedule from a launchdaemon... It reads and applies settings from com.google.keystone... 

It installs mainly in /Library/Application Support/Google/GoogleUpdater/*