Google Chrome Force Update/Patch

privatepilot
New Contributor II

Hi There

I know there have been discussions regards this already, however, none of these seems to be working for us. Having looked at this article with Google https://support.google.com/chrome/a/answer/7591084?hl=en it appears that they have changed their code/process as this is no longer working. Also the UpdateDefault key is no longer listed on chromium.org/administrators/policy-list-3.

My question is, how to force users to have the most up to date version of Chrome? I see Patch Management may work, but this requires pkgs and i am worried it would remove user profiles etc if reinstalled etc.

Any advise best way to force users to update chrome?

Thanks

16 REPLIES 16

jkaigler
Contributor II

I used this one and it worked fine.
https://lew.im/2017/03/auto-update-chrome/

georgecm12
Contributor III

I'm still using Hannes Juutilainen's script as a post-install task to activate Chrome's self-updater:
https://github.com/hjuutilainen/adminscripts/blob/master/chrome-enable-autoupdates.py

Once all the update pieces are setup using the script above, I discovered you can update Chrome using the following:

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin -i

-i (or --install) is not a documented flag that I can find, but it works in my testing.

ablend
New Contributor II

For what it's worth I just pushed Chrome to a large number of systems via the installer package and have had zero complaints regarding lost user settings, plugins, etc. I do have a prompt built using JamfHelper to allow for deferral and notify the user that Chrome will be quitting, giving them a chance to close Chrome first.

privatepilot
New Contributor II

@jkaigler - I tried this but did not seem to work for us, we have various versions out there so maybe it could be not suitable in our environment.

@georgecm12 Thanks, I will get testing on this and see if this works.

@ablend I have been testing pushing a new pkg with the Chrome update via Patch Management and this seems to work as not had anyone complain. Just conscious that if i push globally 1000+ endpoints it will remove peoples profiles. Guess more testing may help.

Frustrating that it seems Google's enterprise help page is outdated....

dsavageED
Contributor III

We use a script, for both firefox and chrome, the chrome one looks like:

#!/bin/sh

# Get current stable build version number of Chrome from the web, do this in a single line to keep it encapsulated
chrome_latest_stable="$(curl https://omahaproxy.appspot.com/all | grep "mac,stable" | sed "s/,/ /g" | awk '{print $3}')"

# Get version number on currently installed Chrome app
installed_version="$(/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --version   | grep -iE "[0-9.]{10,20}" | tr -d " <>-:;/,&"=#[a-z][A-Z]")"

DOWNLOAD_URL="https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg"

install_Chrome() {
  # Create a temporary directory in which to mount the .dmg
  tmp_mount=`/usr/bin/mktemp -d /tmp/chrome.XXXX`

  # Attach the install DMG directly from Google's servers (ensuring HTTPS)
  hdiutil attach "$( eval echo "${DOWNLOAD_URL}" )" -nobrowse -quiet -mountpoint "${tmp_mount}"

  rm -fR "/Applications/Google Chrome.app"

  ditto "${tmp_mount}/Google Chrome.app" "/Applications/Google Chrome.app"

  # Let things settle down
  sleep 1

  # Detach the dmg and remove the temporary mountpoint
  hdiutil detach "${tmp_mount}" && /bin/rm -rf "${tmp_mount}"

  if [ -e "/Applications/Google Chrome.app" ]; then
    echo "******Latest version of Chrome is installed on target Mac.******"
  fi
}

check_Running ()
{
# To find if the app is running, use:
ps -A | grep "Google Chrome.app" | grep -v "grep" > /tmp/RunningApps.txt

if grep -q "Google Chrome.app" /tmp/RunningApps.txt;
then
    echo "******Application is currently running on target Mac. Installation of Chrome cannot proceed.******"
    exit 1;
else
    echo "******Application is not running on target Mac. Proceeding...******"
    install_Chrome
    exit 0
fi
}

# If the version installed differs at all from the available version
# then we want to update
case "${installed_version}" in
  "${chrome_latest_stable}")
    echo "****** Chrome version checked OK (${latest_stable}) ******"
    ;;
  *) 
    echo "****** Chrome version differs - installed: ${installed_version}, available: ${latest_stable} ******"
    check_Running
    ;;
esac

exit 0;

privatepilot
New Contributor II

@dsavageED Thanks for the script, I just ran it on a VM which has an old Chrome installed and it ran fine but shows/result is Chrome is up to date but from the Get Info, it is not? Any ideas? See image attached

d31b163f0af342e8ab875ebdab9311b9

chris_hansen
Contributor

@privatepilot

...worried it would remove user profiles etc if reinstalled etc.

Whichever method you choose, removing and installing the app won't remove the user profiles in any of these methods.

bmee
Contributor

@dsavageED below is the error that we're getting. We've added our proxy before the script run so below is line 26.

# Get version number on currently installed Chrome app
installed_version="$(/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --version   | grep -iE "[0-9.]{10,20}" | tr -d " <>-:;/,&"=#[a-z][A-Z]")"

ef4331facc5b4a39918c8952c7c23694

bmee
Contributor

After doing couple of testing on Mojave devices, the script works as it should. We're hitting the error about with Catalina.

GabeShack
Valued Contributor II

@dsavageED Mind sharing the script you use for Firefox as well? I do like this since it stops the action if the program is opened. However I wish there was a way to make this script happen using Patch Policies and then it prompts the user to quit the app so it can update.

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

ponyboy
New Contributor II

@gshackney Try this: create an empty package in Composer, add the script to downloads/installs the app as a Post-Flight script to the empty package, and now you can use that with patch management policies. Basically the only payload in the package is the post-flight script that makes everything happen.

tonymuni
New Contributor II

@ponyboy When adding the postflight script Composer states it will be ignored as Flat Packages. How do I trigger a postflight script to run when launching the pkg created by Cpmposer?

tom-monkhouse
New Contributor II

We use the Jamf Patch Management option, with pkg's and it doesn't appear to have any impact on settings or user profiles.

xtian
New Contributor II

Thanks @dsavageED

I modified your script to use the pkg installer instead as it has the option to upgrade even if the chrome is in use 0103a5dd7e4b42b5967ad27975ddc693

Maxb
New Contributor II

@xtian - any chance you'd wanna share that script 🙂

killer23d
New Contributor III

@Maxb Script is not needed unless you need the version info, I just set up a policy to execute the following command:

curl -L https://dl.google.com/dl/chrome/mac/universal/stable/gcem/GoogleChrome.pkg -o /tmp/GoogleChrome.pkg && installer -pkg /tmp/GoogleChrome.pkg -target / -verbose