Google Chrome will get weekly security updates
Google Chrome users will get security updates on a weekly basis. The search giant has published an article explaining why it is switching to a faster update cycle.
Security vulnerabilities in browsers and operating systems are often reported by individuals, or security labs, or rival browser-makers. They share their findings with the vendor, i.e. the company that makes the browser, to help them patch the exploits, and in turn help protect millions of users. This is pretty much common in the industry, for instance, when security experts report bugs to Google and Apple, the companies release an update with fixes for the risks. However, the one thing that makes the difference is how fast the company reacts to patch the security flaw.
As you may know, Chrome is built on the open source project called Chromium. When a security researcher reports a vulnerability to Google's Chromium project, the issues are analyzed by contributors and experts who review the changes to the source code. This includes information about bug fixes for the security flaws. These patches are then pushed to Chrome's Canary and Beta channels and tested for stability, compatibility and performance issues, before the fixes are made available for users in the stable channel.
Normally, Google releases a milestone update (i.e. version update, e.g. 115 to 116) to Chrome's stable channel once every four weeks. During the month between the current and the next milestone, Chrome gets a security update (and emergency updates) with fixes for any vulnerabilities that may have been found in the browser. These security updates land once every two weeks, this has been the case since Chrome 77 which was released in 2020.
The Mountain View company points out that while the openness of the Chromium project allows third-parties to find bugs and provide fixes for the same, it also results in a major problem. Threat actors who are monitoring the situation could be aware of new vulnerabilities and develop exploits against the unprotected versions of the browser. These aren't zero-day threats since Google would be aware of the flaws, they're n-day exploits, so called because they are known to be vulnerable and has a patch to fix said issue. Because it takes a couple of weeks for security patches to be released, many users could be exposed to these n-day exploits. Google wants to minimize the impact of these threats.
Apple began testing its Rapid Security Response system recently to fix security vulnerabilities quickly without having to wait for a monthly system update for iOS, iPadOS and macOS. This will allow users to protect their devices from zero-day threats much faster. What Google wants to do with Chrome is quite similar, it wants to move to a faster security update cycle.
Google Chrome to get weekly security updates
Google says that it will provide security updates for Chrome on a weekly basis, instead of its bi-weekly patches. This will reduce the window for hackers to exploit the bugs, and protect users from the threats faster than before. The weekly security patches for Chrome will include fixes for all critical and high severity bugs that were discovered in the previous build of the browser. This may also help Google prevent unplanned updates (emergency updates). The switch to weekly security patches will happen as soon as Chrome 116, which is scheduled to be released to the stable channel on August 15th.
This could also impact other Chromium-based browsers positively, so Microsoft Edge, Brave, Opera and Vivaldi could also get security updates faster, but as Google points out, this will depend entirely on the security update cadence of those browsers.
Google's announcement says that the company is also testing a new notification banner for Chrome updates. The browser will display an alert such as "Finish update, Relaunch to update, New Chrome available", to get the user's attention. Please excuse the blurry screenshot, but that's what Google's blog had. This notification banner is being rolled out on an experimental basis, to 1% of users.
Very good news by Google! Thanks @Ashwin for this article and also for the good news! :]
I am so thankful to know that Google honestly cares about the security and privacy of my Internet experience.
And I can say more indeed, Microsoft should release weekly security updates too!
This is why I use Chrome instead of Firefox, latheys and gentlethem. Say what you want about Google but they care about that user far more. Their privacy policy may be a bit questionable at times but they won’t let third parties have their way with you.
Anonymous, you might want to do a little more research into just what Google is up to. Google is actively trying to push “Web Integrity Environment”, which is codeword for blocking content filter functionality by forcing their virus-laden and deceptive ads to be on webpages, this on top of the spyware baked into chrome. Many of us use content filters to protect ourselves, and Google realizes that if they push WIE, they are going to have to publish security updates more frequently, as organized crime will get to chrome users first.
@Tony, organized crime and hackers attack Chrome because it’s widely used across the world. However, I am pretty sure that Chrome is one of the safest browsers nowadays, and furthermore it probably will be the safest one because of this increase of updates. Chrome with uBlockOrigin is a must have in any computer. I use Chrome, Firefox, Edge and Brave for some things, because I have my preferences of use according to my needs. For example, Edge is the best one to save entire websites in JPG files (that can be easily convert to PDF), whatever the long, whatever the wide, whatever the number of photos or any other kind of measurement. This saved me a lot of time for my studies, and now mostly all of my closest friends are using Edge to save websites for our homework and studies and projects.
Then Chrome is good for electronic identification cards (zero errors in years), Firefox is the best for online banking (zero errors in years) and for official websites too. And Brave is a perfect choice to browse for unknown sites or those that seem non trustable. By the way, one teacher of mine still uses Internet Explorer because they need the Silverlight plugin to access to one website (I don’t remember now what site, probably some academic resource). :S
not surprising with such an insecure engine. chromium has so many security issues, it probably makes sense to them to break them down into “smaller” (lols) weekly lots instead of monthly annoucements of massive incompetence