5 Replies Latest reply on Mar 21, 2019 10:12 AM by Kelly.Walsingham

    Chrome Updating - Enterprise

    MorTech Rookie

           Hello Everyone,


      I'm currently working on a strategy on updating Google Chrome in our enterprise.  We currently have around 6000 devices and Chrome and IE are the 2 browsers we support for our enterprise applications.  With that said, we turn off Auto Updates to Chrome so we can test it before rolling it out to all of our devices.  These updates are turned off through a couple of commands that disable the google update services. 


      sc config "gupdatem" start= disabled


      sc config "gupdate" start= disabled


      The Chrome update process is as followed:


      1. Chrome Installation starts

      2. If a user is in Chrome, a new_chrome.exe is created and when the browser is closed the google update service will make the proper renames of the executable(s).

      3.  Since we have Google Update services turned off, that rename never takes place, which leaves them using an older version of the application until the next update.


      We reached out to Google and they gave us a solution:


      Issue - The setup.exe tries to replace chrome.exe during install, instead of aborting with an error code if the exe is already in use, it uses its own logic to dump a 'new_chrome.exe' beside the in use chrome.exe.  When the user drops the instances of chrome.exe and re-opens, the logic between chrome.exe and googleupdate.exe see this new_chrome.exe and attempt to overwrite the chrome.exe with new_chrome.exe. Using the credentials of the non-administrator who just fired it, causing the UAC prompt.


      Solution/workaround -


      Using command script

      1. Install the MSI

      2. Delete any old_chrome.exe if it exists.

      3. If new_chrome.exe exists, rename chrome.exe to old_chrome.exe (yes, you can rename an in use exe file)

      4. Rename new_chrome.exe to chrome.exe

      5. Using movefile.exe from pstoolkit, schedule a rename of new_chrome.exe to chrome.exe and a deletion of old_chrome.exe


      The problem with Google's solution is that, after renaming the chrome.exe to old_chrome.exe, users are unable to go to another website.  Links from within the website work, but you're not able to type another website in the browser until you close and re-open.


      I was hoping on suggestions or possibly other solutions on what other businesses are doing to update their Chrome.  We can't be the only company that's has the auto updating turned off.


      Any thoughts or suggestions would be greatly appreciated.




        • 1. Re: Chrome Updating - Enterprise
          michael.odriscoll SupportEmployee

          Hi Jamie,


          Thanks for posting to the Community.


          Please share any further updates here. It might be worth searching our Advice Center



          • 2. Re: Chrome Updating - Enterprise
            Hugues Rookie



            We have applied a GPO that disables Google Update which works fine because the user is not able to update Google Chrome


            The GPOs are:

                 HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Google \ Update

            • AutoUpdateCheckPeriodMinutes   REG_DWORD 0  ( Auto-update check period override = Disabled)
            • InstallDefault REG_DWORD 0  (Allow installation default = Disable )
            • UpdateDefault REG_DWORD 0  (Update policy override default = Enabled)


            When the update is deployed (WSUS/SCCM) , during the installation, the update deletes the entire key from:

                 ... Google \ Update


            So if there is a new version available on Google Update, then it is installed, because the GPOs have been deleted by the update.


            We tested it several times with the same result. If we run a gpupdate / force then the keys are reapplied.


            I am convinced that we are not the only ones to have this problem and I am wondering what solution companies have applied to counter this issue.


            Thank you for your help

            • 3. Re: Chrome Updating - Enterprise
              Hugues Rookie

              Hello Jamie,


              You can control Google Update by GPO, if you have a Windows Domain.


              Let me know if you want the solution



              • 4. Re: Chrome Updating - Enterprise


                We have recently got this issue a couple of version back of Chrome.

                We have found out that Ivanti has changed the way it installs Chrome.

                Earlier it killed Chrome before installing (shown under), now it seams it does not.




                For Each objProcess in colProcess

                if objProcess.Name = "chrome.exe" then

                strList = strList & vbCr & _


                end if




                Dim KMode



                KMode = CustomVariable("Kill Mode")



                If cInt(KMode) = 1 then


                log "Kill Mode = Yes" 



                   if strList <> "" then






                     ReportRepairResult true, "Kill process chrome.exe was done"

                • 5. Re: Chrome Updating - Enterprise
                  Kelly.Walsingham Rookie

                  we have had the same issue.

                  Personally I would like to see the Ivanti update kill google so we dont have to wait for the user to close and re-open the browser.

                  is that something that would be considered?