Google Chrome is the most popular web browser in existence, and one ofour favorite browsers on Android. The downside is that its large user base makes Chrome an obvious target for bad actors who attempt to leverage vulnerabilities and exploit users and their data for personal benefit. Because Google maintains the open-source Chromium project, on which Chrome is based, the company shoulders the responsibility of keeping billions of netizens safe. With that in mind, Google is planning to start releasing stable channel updates more frequently on mobile and PC, so hackers have a slimmer chance of exploiting vulnerabilities before they are patched.
SinceChromium is open-source, hackers can see the details of active vulnerabilities which could be exploited, including those where a patch has been developed but not yet pushed out to users. This time period between a security patch release and its rollout is known as the “patch gap,” and to reduce itGoogle is upping the update frequencyfor stable refresh updates in Chrome from once every two weeks to once a week,9to5Googlereports.
Google already develops Chrome concurrently across four build channels to minimize the patch gap. The company updates Canary every night and the Developer build gets new versions every week. The Chrome Beta version is also updated weekly withmajor milestone updatesdelivered every fourth week, changing the version number from, say, 104 to 105.
The stable version of the browser receives milestone updates every four weeks, unless Google discovers critical vulnerabilities to patch more quickly with a Stable Refresh update - which until now have been pushed every two weeks.
Weekly security updates will start rolling out now with Chrome 116, and Google says the change will help it to push out security updates 3.5 days faster on average. That’s a solid improvement on the current 15-day patch gap, which itself is far shorter than the average 35-day patch gap prior to Chrome 77.
The smaller lead time between security patches will give bad actors even less time to exploit a loophole. The change may seem hellish for hackers, but for you, one-click updates will show up beside the overflow menu button (three-dot icon) in the top right corner when they are available.
To help encourage users to update more quickly, Google is also experimenting with new ways to show when an update is ready for you:
New Google update notifications being tested on desktop
Google is picking up the pace for you, and surely one click of that update button isn’t too big a price for your safety. On desktop, Chrome helpfully reopens the tabs after an update, so you can pick up right where you left off. On mobile, you canupdate Chrome through the Play Store, or you can just turn on auto-updates and Android will take care to schedule updates when you aren’t using the device or the browser.
