How do you update critical Google Chrome versions?

leonwun
Contributor

Hey,

I roll out Chrome Updates passively using https://support.google.com/chrome/a/answer/9923111?hl=en.

As this config can not force any updates, I am sometimes required to manually force them in urgent cases. This was the case on Friday with the 88.0.4324.150 update.

For forcing this update I created a policy that installs the latest version of Chrome (I downloaded it from the official Google Chrome Website). After installing, it quits the browser via script so the update can be applied.

Weirdly, some clients were still on 88.0.4324.146 after running the policy.

Does anyone have an idea on how to force critical chrome updates (on minor chrome versions like X.X.X.146) more effectively?

7 REPLIES 7

rhooper
Contributor III

@leonwun we have used the script below with real good results. It looks tot eh version on the device, compares itt ot he version on the Web. Updates it as needed. I did not build that script but whoever did, we thank you!

!/bin/sh

dmgfile="googlechrome.dmg"
volname="Google Chrome"
logfile="/Library/Logs/GoogleChromeInstallScript.log"

url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'

/bin/echo "--" >> ${logfile}
/bin/echo "date: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${dmgfile} ${url}
/bin/echo "date: Mounting installer disk image." >> ${logfile}
/usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet
/bin/echo "date: Installing..." >> ${logfile}
ditto -rsrc "/Volumes/${volname}/Google Chrome.app" "/Applications/Google Chrome.app"
/bin/sleep 10
/bin/echo "date: Unmounting installer disk image." >> ${logfile}
/usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet
/bin/sleep 10
/bin/echo "date: Deleting disk image." >> ${logfile}
/bin/rm /tmp/"${dmgfile}"

exit 0

Right now we run that weekly, but when there is a critical update to be had, aka the last one, we run the policy at check in. When 75% of the devices have received the newest Chrome update, we back it off to Weekly.
Good luck to you.

jbisgett
Contributor II

I use Patch Management to force update Chrome to a specific version.

leonwun
Contributor

Hey @rhooper the script works well, thanks for sharing.

How do you go about ARM machines? I guess the link in the script only downloads the Intel-based version of Chrome. I can't find a similar link for ARM though.

jbisgett
Contributor II

I would use the link for the universal Chrome package, it works on both Intel and ARM.

https://dl.google.com/chrome/mac/universal/stable/gcem/GoogleChrome.pkg

coreyammons
New Contributor II

I would agree with @jbisgett here Patch Management is the way to go.

user-kxnarbenfO
New Contributor

Open Google Chrome. Click the three dots icon on the top right. Click Update Google Chrome. If this button is not visible, that means you are on the latest version of the browser.

user-kxnarbenfO
New Contributor
@leonwun we have used the script below with real good results. It looks tot eh version on the device, compares itt ot he version on the Web. Updates it as needed. I did not build that script but whoever did, we thank you! !/bin/sh dmgfile="googlechrome.dmg" volname="Google Chrome" logfile="/Library/Logs/GoogleChromeInstallScript.log" url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg' /bin/echo "--" >> ${logfile} /bin/echo "date: Downloading latest version." >> ${logfile} /usr/bin/curl -s -o /tmp/${dmgfile} ${url} /bin/echo "date: Mounting installer disk image." >> ${logfile} /usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet /bin/echo "date: Installing..." >> ${logfile} ditto -rsrc "/Volumes/${volname}/Google Chrome.app" "/Applications/Google Chrome.app" /bin/sleep 10 /bin/echo "date: Unmounting installer disk image." >> ${logfile} /usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet /bin/sleep 10 /bin/echo "date: Deleting disk image." >> ${logfile} /bin/rm /tmp/"${dmgfile}" exit 0 Right now we run that weekly, but when there is a critical update to be had, aka the last one, we run the policy at check in. When 75% of the devices have received the newest Chrome update, we back it off to Weekly. Good luck to you.

Thanks for the update and quick reply. I'll be sure to keep an eye on this thread. Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward for solution.