Nowadays, there’s no escaping the constant threat of evolving digital security vulnerabilities. Any tech firm shipping and updating a web browser has to stay on their toes if they want to remain relevant. With more and more services and apps moving to the web, there are more reasons for web browsers to become targets now more than ever. And because of this reality, Google is making major strides to beef up security in Chrome with a very important change to their browser’s security protocol.
Shrinking the “patch gap”
One of the major challenges that Google faces with Chrome is referred to as the “patch gap”. This gap represents the delay between when security fixes are introduced in the preliminary versions (Canary/Beta) of Chrome and when they’re rolled out to the stable channel most users rely on. With malicious actors potentially exploiting this delay, countless users are at a potential risk.
The source of this challenge lies with Chromium – the open-source project that powers Chrome and numerous other browsers. This open-source transparency allows anyone to view and submit changes to the source code, even those related to security bug fixes. While this approach offers the advantage of more rigorous testing and early bug detection, it does come with risks. Malicious entities can view these changes and potentially craft exploits for users who haven’t yet received the security fix – known as “n-day exploitation.”
To mitigate this risk, Google is aiming to minimize the patch gap as much as possible. Chrome started addressing this in 2020 with version 77 by releasing updates every two weeks, cutting down the average patch gap from 35 days to around 15. But now, beginning with Chrome 116, stable updates will be shipped weekly, further reducing this patch gap and making it significantly tougher for potential “n-day” attackers.
User Experience
Despite the update frequency increase, Google assures users that their interaction with Chrome won’t change. But the upside? Security fixes will now arrive even faster.
This swifter approach isn’t just about staying one step ahead of potential threats; it’s also about addressing and deploying fixes for critical and high-severity bugs that might be at risk of exploitation. The new weekly cadence means users won’t be kept waiting for the next bi-weekly update when there’s a problem; but will instead be given an update as swiftly as possible, ensuring enhanced protection for users and their data.
Moreover, with these more-frequent releases, Google anticipates a decrease in unplanned updates, which previously had to be rolled out whenever a security exploit was detected. All-in-all, this feels like a net win for everyone.
Staying Updated: What Users Should Know
As always, users should make certain their Chrome browser is updated as soon as notifications appear. And if you are worried about disruptions by these updates, don’t be too troubled: Chrome has provisions to ensure all your open (non-incognito) tabs and windows will be saved and reopened after the update. Google is also in the process of experimenting with better ways to notify users of these updates, too, so you can stay in the know for the latest patches and security fixes with Chrome.
These weekly updates should begin with the rollout of Chrome 116 in the next couple of days. At this point, the main milestone updates will still happen every 4 weeks and you should start seeing weekly notifications regarding security and bug patch updates. And while other browsers like Microsoft Edge are running on the same open-source Chromiuim base, please note that they aren’t beholden to this new update frequency. For now, if you want this level of security, you’ll want to stick with Chrome.
Join Chrome Unboxed Plus
Introducing Chrome Unboxed Plus – our revamped membership community. Join today at just $2 / month to get access to our private Discord, exclusive giveaways, AMAs, an ad-free website, ad-free podcast experience and more.
Plus Monthly
$2/mo. after 7-day free trial
Pay monthly to support our independent coverage and get access to exclusive benefits.
Plus Annual
$20/yr. after 7-day free trial
Pay yearly to support our independent coverage and get access to exclusive benefits.
Our newsletters are also a great way to get connected. Subscribe here!
Click here to learn more and for membership FAQ