Updating Chrome

Andrewpants1
New Contributor III

Trying to update google chrome via script is anyone implementing this already?

1 ACCEPTED SOLUTION

itupshot
Contributor II

@Andrewpants1 BTW, this is Google's official way of handling updates for Chrome:

Manage Chrome updates (Mac)

View solution in original post

22 REPLIES 22

carlo_anselmi
Contributor III

I use a slightly simplified version of this with an ongong policy+recon scoped to a smartgroup whose criteria is Application Title - has - Google Chrome.app
and
Application Version - not like - put the latest version here

Hope this helps
Carlo

carlo_anselmi
Contributor III

itupshot
Contributor II

@Andrewpants1 BTW, this is Google's official way of handling updates for Chrome:

Manage Chrome updates (Mac)

ammonsc
Contributor II

Does anyone else use Patch Management for this?

thuvarakan
New Contributor II

Followed that article from Google and made the value 0 but auto update is still not turned on or states it is managed by the org...I wonder if I am doing something wrong. This is what I have in the plist:

<dict> <key>updatePolicies</key> <dict> <key>global</key> <dict> <key>UpdateDefault</key> <integer>0</integer> </dict> </dict>
</dict>
</plist>

CosbergEDP
New Contributor II

jamf_sam
Moderator
Moderator

The Chrome for Enterprise Team has published a new kBase on Managing Chrome Browser Updates with Jamf Pro (macOS). This takes advantage of Jamf's Application and Custom Settings Payload.

howie_isaacks
Valued Contributor II

I just use patch management. It works great. That said, I think Chrome for Mac is 💩

G_M__webkfoe_
New Contributor III

I did upload the plist file in Jamf and deployed it to a test device, but Google Chrome seems to be not reading it as it is still showing up the request to turn on auto updates..

The file gets correctly deployed on the device.
I used the following code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">



<plist version="1.0">
    <dict>
    <key>updatePolicies</key>
    <dict>
      <key>global</key>
      <dict>
        <key>UpdateDefault</key>
        <integer>0</integer>
      </dict>
    </dict>
    </dict>
</plist>

Any idea on what I am doing wrong?

40c45e116e064df3ac71e0918cff44c8

Not applicable

You Guys Use Google Chrome? Try Microsoft Edge. Much Better then Google Chrome

djrory
Contributor

@jefjam7812 Do you work for Microsoft?

tlarkin
Honored Contributor

Install Little Snitch, launch Chrome, and then do nothing, do not even load a web page, and watch all the outgoing TCP connections Chrome tries to make. Better yet, block web content in Parental Controls and watch it flip out constantly requesting creds to make outgoing connections.

There are only 2 ways to sanely manage Chrome. 1 - use the built in self update plist payload, or use AutoPKG. We have been using the MDM payload to manage Chrome updates and are results are generally pretty good.

PE2000
Contributor II

@G.M.(webkfoe)

hi

were you able resolve the issue with google chrome update issue?

Thanks

markopolo
Contributor

Does anybody have a definitive answer for this? I don't want to set up Google managed accounts or Cloud managed browsers. All of the Google documentation for this suggests I have to use one of those options. I just want to push out a simple plist config that will turn on auto-updates for my existing Chrome user base. Anyone?

sdagley
Esteemed Contributor II

@mcantwell See the thread Updates to Google Chrome deployment for macOS - Chrome is now available as a .pkg installer which automatically configures auto updates. Just deploy the package referenced in that post to your environment and you'll be set.

markopolo
Contributor
@mcantwell See the thread Updates to Google Chrome deployment for macOS - Chrome is now available as a .pkg installer which automatically configures auto updates. Just deploy the package referenced in that post to your environment and you'll be set.

That would be great for new deployments (I am currently using a script to install the latest Universal binary installer), but I don't want to cause potential disruptions by reinstalling Chrome for everybody. Is there a simple guide for turning on auto-updates for Chrome that's already installed? I keep seeing reference to com.google.Keystone.plist for controlling automatic updates. Would that involve just pushing a customized version of this file out to all my computers?

sdagley
Esteemed Contributor II

@mcantwell There's some configuration involved, so it's not just pushing a .plist. Here's a Python script you can run via a Jamf Pro policy that should enable auto updates for existing installs: https://github.com/hjuutilainen/adminscripts/blob/master/chrome-enable-autoupdates.py

I say should because Google has a habit of mucking with where the keystone tool lives in the application bundle.

thta
New Contributor III

I'm using a script that based on if the Mac is M1 or Intel mac deploys the right installer.

First i created two smart groups that assings the mac to M1 or Intel mac

Then i use Jamf's Patch Management to check for the latest stable version of Chrome.

I then have another smart group called Chrome Not Updated that is set to Patch Reporting: Google Chrome  IS NOT  Latest Version

Then have 2 policys running once every day at checkin with the scope Chrome Not Updated

One policy for M1 Macs and one for Intel Macs.
This policy then runs a script that downloads the latest stable version of Chrome and installs it. 

Script for Intel Macs:

#!/bin/sh

dmgfile="googlechrome.dmg"
volname="Google Chrome"
logfile="/Library/Logs/GoogleChromeInstallScript.log"

url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'


/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${dmgfile} ${url}
/bin/echo "`date`: Mounting installer disk image." >> ${logfile}
/usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet
/bin/echo "`date`: Installing..." >> ${logfile}
ditto -rsrc "/Volumes/${volname}/Google Chrome.app" "/Applications/Google Chrome.app"
/bin/sleep 10
/bin/echo "`date`: Unmounting installer disk image." >> ${logfile}
/usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet
/bin/sleep 10
/bin/echo "`date`: Deleting disk image." >> ${logfile}
/bin/rm /tmp/"${dmgfile}"

exit 0

Script for M1 Macs:

#!/bin/sh

dmgfile="googlechrome.dmg"
volname="Google Chrome"
logfile="/Library/Logs/GoogleChromeInstallScript.log"

url='https://dl.google.com/chrome/mac/universal/stable/CHFA/googlechrome.dmg'


/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${dmgfile} ${url}
/bin/echo "`date`: Mounting installer disk image." >> ${logfile}
/usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet
/bin/echo "`date`: Installing..." >> ${logfile}
ditto -rsrc "/Volumes/${volname}/Google Chrome.app" "/Applications/Google Chrome.app"
/bin/sleep 10
/bin/echo "`date`: Unmounting installer disk image." >> ${logfile}
/usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet
/bin/sleep 10
/bin/echo "`date`: Deleting disk image." >> ${logfile}
/bin/rm /tmp/"${dmgfile}"

exit 0

 

In the Intel policy i set the scope to include all Macs in the group Chrome Not Updated and exclude Macs in the M1 group

In the M1 policy i set the scope to include all Macs in the group Chrome Not Updated and exclude Macs in the Intel group

 

Once the policy is done i use User interactions with a message saying
"Google Chrome is up to date.
Please reboot Chrome at possible time."


All done. 
This way i always know that the Macs have the latest version of Chrome and i don't have to touch anything. 
Hope someone finds this helpful! 😊

JCMBowman
New Contributor III

My updates with your script stalled out at Chrome version 98.0.4758.102. Here's the updated script I'm using that pulls the latest version:

 

 

#!/bin/bash -e
 
#######################
#
# Apps_Chrome_Update.sh
#
##########################
#
#	Last Updated 2022-March-15 by John Bowman
#
########################


pkgfile="googlechrome.pkg"
logfile="/Library/Logs/GoogleChromeInstallScript.log"

url='https://dl.google.com/chrome/mac/stable/accept_tos%3Dhttps%253A%252F%252Fwww.google.com%252Fintl%252Fen_ph%252Fchrome%252Fterms%252F%26_and_accept_tos%3Dhttps%253A%252F%252Fpolicies.google.com%252Fterms/googlechrome.pkg'


/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${pkgfile} ${url}
/bin/echo "`date`: Installing..." >> ${logfile}
/usr/sbin/installer -pkg /tmp/${pkgfile} -target /
/bin/sleep 10
/bin/echo "`date`: Deleting disk image." >> ${logfile}
/bin/rm /tmp/"${pkgfile}"

exit 0

 

schard
New Contributor II

Thanks for the updated script. It works great!

Thank you John, does your script work for both Intel and Silicon clients?

JCMBowman
New Contributor III

The installer is from here:
https://chromeenterprise.google/browser/download/#mac-tab
which states that it's for x86 and ARM. I'm guessing that by ARM they mean Apple Silicon.