Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

How to update Chrome automatically

I have just written a blog post on how to automatically update Google Chrome using Jamf if anyone is interested. You can find my blog post here:

I have seen a few different methods posted here, but most require some admin intervention (uploading new packages, changing version numbers etc.) but this method is fully automated. Create the Extension Attribute, Smart Group and Policy and you're good to go! Every time Google release a new version of Chrome, this script will automatically grab it and install it on your Macs.

Like Comment
Order by:
SOLVED Posted: by bpavlov

I haven't implemented this, but just reading through the script, it looks like you are literally overwriting the Google on the client already. In my experience having done this with a package in the past, this has the effect of causing issues when new tabs are opened and not being able to navigate to new websites. So in essence if you want to do this, you need to make sure Google Chrome is not opened otherwise the user may run into that issue. Again, I haven't tested your workflow so I'm going off what I'm reading in that script. Curious to hear how long you've been using this workflow and what your experience has been from the end-user side.

SOLVED Posted: by LewisLebentz

We have been using this method (less the automated version part) for around a year now, and haven't had any issues. With a few hundred Macs reporting in, I'd probably have heard a complaint or two if it was causing issues with new tabs!

I tested it when we initially deployed it and all seemed fine, but Chrome has changed a lot since then, so I'll do some further testing when I'm back in the office and will update you.

SOLVED Posted: by LewisLebentz

@bpavlov just did some further testing, ran the script a few times deleting Chrome whilst using it, open new tabs, browsing etc. and didn't notice anything whatsoever.

So can confirm there is still no noticeable effect for the end user if you run this.

SOLVED Posted: by RobertBasil

Saw your post on Reddit about this script. Going to install it today and give it a run.

Thanks for sharing.

SOLVED Posted: by mm2270

@LewisLebentz Thanks for your post, and showing your work. If nothing else, you pointed me to a resource I was previously unaware of. I'm not sure who developed or maintains the omahaproxy pages, but I looked it up to see more on it. It doesn't appear to be something Google maintains, but I'm not completely sure on that.

In any event, I've been looking for a more reliable way to get the Google Chrome current release number, since it seems Google obscurs it to the point of being impossible to get. I also have an "update" script that can update several products on the fly, doing live version checking, and incorporating Google Chrome into it has been a bear, because it was such a moving target to locate the latest version.

I found the team at omahaproxy have a simple plain csv file they host as well and was able to come up with the following very simple bash code to pull the current Mac version release from that. Posting it here so others can benefit.

curl -s | awk -F',' '/mac,stable/{print $3; exit}'

The above prints


which is the current version. I'll need to see if that still works when they release an update.
Hopefully those pages won't up and disappear someday, or go stale from lack of maintenance.

SOLVED Posted: by mm2270

LOL! No sooner did I post the above and Google released an update. Didn't need to wait long! The code above (and I assume your python EA as well) is working to show the new version, 57.0.2987.98, which means those pages get updated simultaneously along with new releases. Wow! Impressive!

SOLVED Posted: by LewisLebentz

@mm2270 just noticed the update too! Most of my Macs have already picked up the update because of the script, which is great!

I believe the OmahaProxy site is officially Google, I've seen it referred to in a few different places by Google. So I think it's safe to rely on, it's been around for a while too.

Just found some code that references it on Google's site:

Script is pretty similar to mine!

Thanks for sharing your code too. Much shorter than mine! Need to learn how to use awk at some point.

I did notice that Jamf haven't yet updated their patch reporting, so our pie chart is all red saying that the version number is 'Other' and in the list it reports it as 'Unknown' which isn't great.

SOLVED Posted: by cbrewer

Why use this work flow over Google's own system wide automatic updater? Especially when it can be enabled with a script.

SOLVED Posted: by LewisLebentz

@cbrewer ours users are all admins, so can override settings we push out. Even if they don't they may not restart Chrome.

This script forces an update on check in, without the user even noticing. It runs in the background, and doesn't require a restart of Chrome.

SOLVED Posted: by rayabril

So with @mm2270 new script, what should final Extension Attribute code look like? Sorry i'm new to this and pretty green when it comes to coding.

SOLVED Posted: by bpavlov

@cbrewer what's the script you're referring to use the internal update tool from Google?

SOLVED Posted: by cdenoia

Hey @LewisLebentz

Excellent post!

SOLVED Posted: by May

Thanks ! @LewisLebentz @mm2270

What a time saver! i've seen no issues using it whilst Chrome is open,
it will also install the latest Chrome if it's not installed, here's the EA i'm using to report,


if [ ! -f "/Applications/Google" ] ; then
echo "<result>Chrome isn't installed</result>"
exit 0

INSTALLEDVERSION=$( defaults read "/Applications/Google" CFBundleShortVersionString )
CURRENTVERSION=$( curl -s | awk -F',' '/mac,stable/{print $3; exit}' )


echo "<result>latest - $CURRENTVERSION</result>"


echo "<result>old</result>"

SOLVED Posted: by Kyuubi

@mm2270 @LewisLebentz pardon my ignorance but I would love to get this working at my site. I saw the curl command that @mm2270 put above and i saw it incorporated into the EA that @May wrote. What I don't understand is how that curl command pulls down the latest version and installs it. What am I missing.


SOLVED Posted: by mm2270

@Kyuubi The script above from @May is an Extension Attribute, not the script that updates Chrome. The EA is part of the whole workflow put together by @LewisLebentz in his original post up top. You would use an EA similar, or identical to the one May posted above to gather Macs that are out of date according to what is noted on the omahaproxy pages for the latest Chrome version. This can then be used to gather out of date Macs in a Smart Group, which can in turn be scoped to the policy that would update them. Refer to Lewis' OP at top for his script that updates Chrome. There are others posted on the forums here as well. Essentially any script that would pull Google Chrome down, mount the DMG, copy over the app (overwriting the old one) and so on and so forth.

Hope that helps.

SOLVED Posted: by Kyuubi

@mm2270 Thanks for the response. I understand all you wrote above, I'm just having trouble finding the actual script that does the pulling and installing. I've checked @LewisLebentz blog and github pages but can't find the script. Making me feel stupid.

SOLVED Posted: by Kyuubi

.......found it

SOLVED Posted: by mm2270

@Kyuubi OK, good! Was just about to post a more direct link to the script if I could for you. :)

SOLVED Posted: by ryan.ball

I actually incorporate the as a postinstall in my AutoPKG Chrome recipe now and this seems to be working well.

SOLVED Posted: by tld75000

@LewisLebentz Not working for me, maybe missing a step or something. When Lewis says " I made a Smart Group targeting all Macs where Chrome Version = Old" how does that translate into the Smart Group, how do you create it.

SOLVED Posted: by JeffA

@LewisLebentz Any update on creating the Smart Group? This would be great to implement but I am in the position as @tld75000. How do you create a Smart Group with the Criteria of "Chrome = Old"? Any help would be appreciated. Thanks.

SOLVED Posted: by tep

@JeffA you can do a smart group with the criteria "Chrome like old"

SOLVED Posted: by mackjohn

The windows pop up message when the new version of chrome launch. I don't think so you need to go for automatic chrome update.

SOLVED Posted: by Andy_W

@JeffA You've probably figured this out already. For anyone who creates the Extension Attribute, you would create a Smart Group and there will be a "New Criteria" with whatever you named the EA. For example, I named mine Chrome Version, so I have a new criteria option called Chrome Version, then I just use the value is "old".

SOLVED Posted: by rhooper

I still cannot get the Chrome Version Smart group to post any devices.
Added the EA script. and then created the smart group with Version = Old. Still nothing there after 1 hr. Any help or direction is appreciated.

The actual Chrome updater script works awesome! Thank you.

SOLVED Posted: by merps

@rhooper EAs update when device inventory updates - during a jamf recon. From what I understand, most environments will run recon daily or once a week.

I'd take a system, do a manual recon, and then check the computer record in the category you used for the EA. This will help you verify whether the EA is working for you. You also may need to use a lowercase "o" in Version = old.

SOLVED Posted: by rhooper

@merps OH yeay, the ol' Recon weekly thing.
Thanks for the reminder.
I wonder, can I use a recon policy to push and receive more devices? so far only 2 show.....

Problems logging into JAMF Pro right now... errors galore!

SOLVED Posted: by vvujcic

This great @LewisLebentz . Thanks for sharing! I added an extra if/else in the original EA script to also detect/output if Chrome is not installed all together similar to @May

import json
import urllib2
import os.path
import plistlib

url = ''
resp = urllib2.urlopen(url)

data = json.loads(

for each in data:
    if each.get("os") == "mac":
        versions = each.get("versions")
        for version in versions:
            if version.get("channel") == "stable":
                latest = (version.get("current_version"))
                print latest

chromeExists = os.path.exists("/Applications/Google")

print chromeExists

if chromeExists:

    plistloc = "/Applications/Google"

    pl = plistlib.readPlist(plistloc)
    pver = pl["CFBundleShortVersionString"]
    print pver

    if latest == pver:
            print "<result>Latest</result>"

            print "<result>Old</result>"

    print "<result>NotInstalled</result>"

Fairly new to python and JAMF so any criticisms are more than welcome. Thanks!

SOLVED Posted: by josh.perlman

Thanks for this info @LewisLebentz! One thing I minor edge case that could be a security problem is your script installs /Volumes/Google Chrome/Google regardless of if that path already exists or not.

I added the following prior to the rest of your install script:

if [ -d "/Volumes/Google Chrome" ]; then
  /bin/echo "`date`: Chrome image already mounted" >> ${logfile}
  exit 1
SOLVED Posted: by brunerd

Since updating Chrome is in the news these days, making sure AutoUpdates are on brought me here...

Google's Manage Chrome updates (Mac) page totally underplays what's needed saying you just need to set a key:

We recommend that you keep auto-updates turned on so your users receive critical security fixes and new features as they become available. Open the file in your preferred XML editor. Under the updatePolicies key, add the Chrome Browser UpdateDefault key entry, and set the key value to 0. The following example shows settings for Chrome Browser ( that turns on auto-updates: <key>updatePolicies</key> <dict> <key>global</key> <dict> <key>UpdateDefault</key> <integer>0</integer> </dict> </dict> Save your changes.

Which is annoying for two reasons: 1) It's assuming you have the Keystone daemon running and 2) Their snippet leads to authoring errors, in some other thread it's in a plist but not properly formatted, you have to have the whole thing enclosed in a dictionary like so...

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

Which is still useless from my testing, even if this plist is deployed to the domain as a Config Profile, and you make sure Google Software Updates is installed it will STILL ask the end user to enable updates... and auth as an admin.

I took the Python script found in this thread: Auto update Google Chrome script? and BASH-ified it, streamlined it taking out keyname variables and such and added in a couple script that get run when the button is manually clicked in Chrome and I have this:

#Joel Bruner

#specify a custom path in parameter $4 or just take the default

#no exist? exit.
[ ! -e "${appPath}/Contents/Info.plist" ] && exit

appVersion=$(defaults read "${appPath}/Contents/Info.plist" CFBundleShortVersionString)
updateURL=$(defaults read "${appPath}/Contents/Info.plist" KSUpdateURL)
productID=$(defaults read "${appPath}/Contents/Info.plist" KSProductID)

"${appPath}/Contents/Versions/${appVersion}/Google Chrome Framework.framework/Versions/A/Resources/" 2>/dev/null 1>&2
"${appPath}/Contents/Versions/${appVersion}/Google Chrome Framework.framework/Frameworks/KeystoneRegistration.framework/Resources/ksinstall" --install "${appPath}/Contents/Versions/${appVersion}/Google Chrome Framework.framework/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" --force
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin --register --productid "${productID}" --version "${appVersion}" --xcpath "${appPath}" --url "${updateURL}" --tag-path "${appPath}/Contents/Info.plist" --tag-key "KSChannelID" --brand-path "/Library/Google/Google Chrome Brand.plist" --brand-key "KSBrandID" --version-path "${appPath}/Contents/Info.plist" --version-key "KSVersion"
"${appPath}/Contents/Versions/${appVersion}/Google Chrome Framework.framework/Versions/A/Resources/" "${appPath}" 2>/dev/null 1>&2

Use it in good health!

SOLVED Posted: by G.M.

@brunerd Your script worked well for me!! Greatly appreciated!!

SOLVED Posted: by piagetblix

@LewisLebentz Instead of creating the EA, couldn't you have your smart groups (one for up to date and another for out of date) use Criteria: patch reporting, Google Chrome.

SOLVED Posted: by chris.kemp

@piagetblix I was just looking at this today, but unfortunately the "Latest Version" seems unreliable - Patch Reporting says that 80% of our fleet is on the current version, but Smart Groups flagged more than this as "Is not" "Latest Version"...

SOLVED Posted: by larry_barrett

Keep in mind there needs to be a recon before everything is accurate. Once all the devices check in you'll have a clearer picture. If you do not have todays inventory you don't have the full picture.