Google Chrome will get weekly security updates
Google Chrome users will get security updates on a weekly basis. The search giant has published an article explaining why it is switching to a faster update cycle.
Security vulnerabilities in browsers and operating systems are often reported by individuals, or security labs, or rival browser-makers. They share their findings with the vendor, i.e. the company that makes the browser, to help them patch the exploits, and in turn help protect millions of users. This is pretty much common in the industry, for instance, when security experts report bugs to Google and Apple, the companies release an update with fixes for the risks. However, the one thing that makes the difference is how fast the company reacts to patch the security flaw.
As you may know, Chrome is built on the open source project called Chromium. When a security researcher reports a vulnerability to Google's Chromium project, the issues are analyzed by contributors and experts who review the changes to the source code. This includes information about bug fixes for the security flaws. These patches are then pushed to Chrome's Canary and Beta channels and tested for stability, compatibility and performance issues, before the fixes are made available for users in the stable channel.
Normally, Google releases a milestone update (i.e. version update, e.g. 115 to 116) to Chrome's stable channel once every four weeks. During the month between the current and the next milestone, Chrome gets a security update (and emergency updates) with fixes for any vulnerabilities that may have been found in the browser. These security updates land once every two weeks, this has been the case since Chrome 77 which was released in 2020.
The Mountain View company points out that while the openness of the Chromium project allows third-parties to find bugs and provide fixes for the same, it also results in a major problem. Threat actors who are monitoring the situation could be aware of new vulnerabilities and develop exploits against the unprotected versions of the browser. These aren't zero-day threats since Google would be aware of the flaws, they're n-day exploits, so called because they are known to be vulnerable and has a patch to fix said issue. Because it takes a couple of weeks for security patches to be released, many users could be exposed to these n-day exploits. Google wants to minimize the impact of these threats.
Apple began testing its Rapid Security Response system recently to fix security vulnerabilities quickly without having to wait for a monthly system update for iOS, iPadOS and macOS. This will allow users to protect their devices from zero-day threats much faster. What Google wants to do with Chrome is quite similar, it wants to move to a faster security update cycle.
Google Chrome to get weekly security updates
Google says that it will provide security updates for Chrome on a weekly basis, instead of its bi-weekly patches. This will reduce the window for hackers to exploit the bugs, and protect users from the threats faster than before. The weekly security patches for Chrome will include fixes for all critical and high severity bugs that were discovered in the previous build of the browser. This may also help Google prevent unplanned updates (emergency updates). The switch to weekly security patches will happen as soon as Chrome 116, which is scheduled to be released to the stable channel on August 15th.
This could also impact other Chromium-based browsers positively, so Microsoft Edge, Brave, Opera and Vivaldi could also get security updates faster, but as Google points out, this will depend entirely on the security update cadence of those browsers.
Google's announcement says that the company is also testing a new notification banner for Chrome updates. The browser will display an alert such as "Finish update, Relaunch to update, New Chrome available", to get the user's attention. Please excuse the blurry screenshot, but that's what Google's blog had. This notification banner is being rolled out on an experimental basis, to 1% of users.