- Jamf Nation Community
- Products
- Jamf Pro
- Re: Forcing Updates for Chrome
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
We have a lot of users who aren't updating Chrome. How are you enforcing updates and relaunches to apply the updates?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
I use Mac Apps and let Jamf handle it. Google updates the version, Jamf has it the next business day and have Mac Apps configured to deploy within 15 minutes with deferral. I have not had to look at it in months.
If you are on Prem or don't want to use Mac Apps, Patch Management works okay, but I preferred to just use policies over Patch Management. Make a policy with your new target version, deploy to all devices frequency once per device and whatever exclusions and deferrals you want.
Enabling Auto Updates with a Configuration Profile is not a bad idea, but keep in mind users need to open Chrome for that workflow to update the browser.
Reply
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
I use Mac Apps and let Jamf handle it. Google updates the version, Jamf has it the next business day and have Mac Apps configured to deploy within 15 minutes with deferral. I have not had to look at it in months.
If you are on Prem or don't want to use Mac Apps, Patch Management works okay, but I preferred to just use policies over Patch Management. Make a policy with your new target version, deploy to all devices frequency once per device and whatever exclusions and deferrals you want.
Enabling Auto Updates with a Configuration Profile is not a bad idea, but keep in mind users need to open Chrome for that workflow to update the browser.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Friday
This is the way.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thursday
Use Mac Apps to automate the Chrome update, or you can also use Patch Management but that's quite manual work where you need to update the packages.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Friday
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Friday
For those using Mac Apps, what are you setting the update deadline to and the force quite grace period to?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Friday
For Chrome:
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Friday
app auto patch is my go to, it runs monthly. I was using app installers but notification fatigue kicked in for many of my users.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Late to the game, dropping my 2¢ here in case others come across this looking for solutions. I use a Jamf policy that runs once a week. It executes a script I run for base installs of chrome and just grabs the latest Chrome and drops it in place. I've been doing it this way a few years and no complaints from users about their experiences. We force basic settings via a config profile. Policy is excluded from running between client side "working hours" of 9a-4p.
#!/bin/sh
# Google Chrome - Download and Install Latest.sh
#
# Created by Ed C on 4/20/23.
# Updated in 2023 to reflect omahaproxy down turn
# Updated 4.15.2024 to adjust script to compare a greater than comparison for installed version and exit if installed version is greater than current
#
[ -f /tmp/debug ] && set -x
# This script downloads the latest Google Chrome
InstalledVersion=$(/usr/bin/defaults read /Applications/Google\ Chrome.app/Contents/Info CFBundleShortVersionString 2>/dev/null)
## In 2023 it was stated that the Omaha Proxy site will get turned down and does not to be consistently updated. The below changes reflect the new site.
#CurrentVersion=$( curl -s https://omahaproxy.appspot.com/history | /usr/bin/awk -F',' '/mac,stable/{print $3; exit}' )
CurrentVersion=$(plutil -extract 0.version raw -o - - <<< $(curl -s 'https://chromiumdash.appspot.com/fetch_releases?channel=Stable&platform=Mac&num=1') )
/bin/echo "Found version $InstalledVersion installed..."
/bin/echo "The current version is $CurrentVersion..."
if [[ "$InstalledVersion" > "$CurrentVersion" ]]; then
echo "Installed version is greater than current version. Exiting with questions...?"
exit 2
elif [[ "$InstalledVersion" = "$CurrentVersion" ]]; then
echo "Google Chrome is current. Exiting"
exit 0
fi
URL='https://dl.google.com/dl/chrome/mac/universal/stable/gcem/GoogleChrome.pkg'
/bin/echo "Downloading Chrome"
/usr/bin/curl https://dl.google.com/dl/chrome/mac/universal/stable/gcem/GoogleChrome.pkg -o /tmp/GoogleChrome_$CurrentVersion.pkg
if [ $? = 0 ]; then # if mount is successful
/bin/echo "Kill Google Chrome..."
/usr/bin/pkill Chrome
/bin/echo "Removing old copy..."
/bin/rm -rf "/Applications/Google Chrome.app"
/bin/echo "Installing..."
/usr/sbin/installer -pkg /private/tmp/GoogleChrome_$CurrentVersion.pkg -target / -verbose
fi
/bin/sleep 5
# Clean-up
/bin/echo "Cleaning Up..."
/bin/rm -rf /private/tmp/GoogleChrome_$CurrentVersion.pkg
/bin/echo "Successfully installed Google Chrome $CurrentVersion"
exit 0When one of Chrome's frequent weeks of several zero-days over a short span occur, I just go and flush policy history for the patching policy. Generally catches all and keeps them updated.
YMMV
