Google is switching to weekly Chrome updates to boost security
Google has announced that it will release security updates for Chrome on a weekly basis, doubling the speed with which fixes are delivered to the stable channel.
This will not change the release schedule for significant new versions of Chrome, but it means that users of the browser can enjoy greater security. Google's change in pace is designed to reduce the "patch gap", with the company saying that it treats "all critical and high severity bugs as if they will be exploited".
See also:
- All Windows 11 users should install the KB5029263 update as soon as possible
- Microsoft is disabling TLS 1.0 and TLS 1.1
- Microsoft drops support for dozens of Intel processors in latest Windows 11 system requirements update
Security patches have been released for Chrome on a bi-weekly basis for the last three years, but the new accelerated release schedule kicks in with Chrome 116. People who are signed up for the Canary and Beta channels for the browser will continue to serve as a testers for such patches ahead of wider rollouts.
Google says that it used to be the case that there was a 35-day delay between the discovery and patching of a bug -- the so-called patch gap. The move to fortnightly updates with Chrome 77 reduced this to 15 days, and now it will shrink further. In an announcement about the changes, the company explains:
While we can't fully remove the potential for n-day exploitation, a weekly Chrome security update cadence allows up to ship security fixes 3.5 days sooner on average, greatly reducing the already small window for n-day attackers to develop and use an exploit against potential victims and making their lives much more difficult.
Google adds:
Not all security bug fixes are used for n-day exploitation. But we don't know which bugs are exploited in practice, and which aren't, so we treat all critical and high severity bugs as if they will be exploited. A lot of work goes into making sure these bugs get triaged and fixed as soon as possible. Rather than having fixes sitting and waiting to be included in the next bi-weekly update, weekly updates will allow us to get important security bug fixes to you sooner, and better protect you and your most sensitive data.
Chrome will continue to issue notifications to users so they are aware that there is a patch to install, but changes may be afoot here. Google says that it is exploring improved ways of informing users about the availability of new updates. The company is conducting testing with around one percent of its userbase on the Stable channel.
Image credit: Ilya Sergeevych / Shutterstock