Google is picking up the pace of Chrome security update releases

Posted by toonsbymoonlight

Google’s “milestone” Chrome releases in the stable channel that come every four weeks will now be accompanied by weekly security updates (previously biweekly) to help close the “patch gap” between fixes appearing in Canary / Beta releases and when they go out to most users.

Because of this gap, bad actors could potentially see what changes are made in beta builds, then confirm and exploit vulnerable users before the stable channel sees an update, a real problem for a platform with billions of users who would be vulnerable.

The Google Security Blog says the new weekly updates, which will start with Chrome 116, won’t change how Chrome is used or updated, and milestone releases will still arrive at the same expected timing. Previously, patch gaps were around 35 days long for Chrome versions older than 77 and were reduced to about 15 days with the implementation of a biweekly patch cycle. Now, the new weekly updates address this gap.

Apple has similarly adjusted its approach recently, adding rapid security updates that can roll out between major iOS and macOS releases to keep up with increasing security threats.

However, this does mean that users will see more updates in general. Google also mentioned a new update notification experience that adds an update status message inside the green banner on the top right of the Chrome window. (Previously it just said “update.”) Users can click it and select “relaunch to update,” and it kindly states that your tabs will reopen — so no worries! It’s currently in testing for 1 percent of users on the stable channel.

The new update notification banner. Image: Google