1

We have been using Chrome's MSI and chrome's group policy templates to deploy it to all our users.

Lately we have been bitten by a few bugs that made it into release updates. The latest being scroll bars in select dropdowns not being draggable.

We want more control over when people get updated - so we can have a few of the more tech savvy staff try the newest version with our internal applications before everyone gets it.

I found the documentation on disabling automatic updates and pushing out new MSIs to upgrade, but:

  • I couldn't find out if google puts out a new MSI for every update or only major version updates?
  • If it is only major updates is there a way for everyone to still get security updates until the next major version is releases? (and hope the minor updates don't break anything)
Grant
  • 17,671
  • 14
  • 69
  • 101

2 Answers2

2

I have Chrome deployed fairly widely in a few different Customers and I've had to contend with this.

Here's where Google relates the policy:

We release a new "major" version to the stable channel about every six weeks. We also update the stable channel between major updates if we have important crash or security fixes.

If you're looking to repair an existing MSI installation, and you left auto-updates on, you can repair with the latest stable MSI.

That's not as crystal-clear as I'd like it to be, and I suspect you'll feel the same way.

We have disabled automated updates, test new versions in limited deployments and, when they test "good", deploy the new MSIs to "upgrade" the old versions. Sounds like something very similar to what you're looking to do.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
  • Thanks. That is exactly what I want to do. The part I'm uncertain about is if those crash and security fix updates get a new msi released. Any idea? Any other issues I should be aware of that you have run into? – Grant Jan 16 '14 at 23:59
  • Its unclear to me, and to the guy who I work with on this at one of my larger Customer sites, too. Now you've got me thinking that I should probably be scraping that MSI regularly and sending out notifications when it changes... Hmm... – Evan Anderson Jan 17 '14 at 00:34
  • I'm thinking my monitoring system could download it once a day, record the md5sum and notify me when it changes. Guess the only way to see if minor updates are released by msi may be to check if regularly until such an update comes out. – Grant Jan 17 '14 at 00:36
  • Google isn't doing us any favors on that front. I'm not finding the download at a static URL. I did find this list of older Chrome MSI versions: http://www.oldapps.com/google_chrome.php We keep an archive of the versions we've deployed and, as far as the 8 that we have in that archive, these do match. It looks like they're not releasing "minor" updates to the MSI to me. – Evan Anderson Jan 17 '14 at 00:39
  • well that leaves me with keeping a possibly vulnerable version or auto update to an untested one. that's unfortunate... – Grant Jan 17 '14 at 00:43
  • On second glance...that site and several others do show a few non-major releases. – Grant Jan 17 '14 at 00:57
  • I found the direct download link - http://dl.google.com/chrome/install/GoogleChromeStandaloneEnterprise.msi gets the latest version. – Grant Jan 17 '14 at 01:15
1

From watching the last few updates, it looks like a new MSI file is released with each release channel update, both major and minor.

So automatic updates can be completely disabled, and rely on the IT staff pushing out each update after appropriate testing.

Instead of watching the release blog, I came up with a relatively simple script to identify when a new version is released. With a few tweaks this could be fed into a monitoring system to alert you that there is a new version to test:

wget http://dl.google.com/chrome/install/GoogleChromeStandaloneEnterprise.msi && md5sum GoogleChromeStandaloneEnterprise.msi && file  GoogleChromeStandaloneEnterprise.msi | grep -o 'Comments:[ 0-9.]*'

This downloads the latest MSI file (hopefully google doesn't change that link...it was rather difficult to find a direct link to it), calculates the MD5sum to see if it has changed, and extracts the version number from the comments field of the MSI.

Grant
  • 17,671
  • 14
  • 69
  • 101