Google’s “milestone” Chrome releases on the stable channel coming every four weeks will now be accompanied by weekly security updates (previously every two weeks) to help close the “patch gap” between fixes appearing in Canary/Beta builds and when they are released to most users.
Bad actors could see what changes are made in beta builds and can confirm and exploit vulnerable users before the stable channel sees an update due to the breach, a real problem for a platform with billions of users who would be vulnerable.
Google’s security blog says that the new weekly updates, starting with Chrome 116, won’t change the way Chrome is used or updated, and major releases will still arrive at the same expected time. Previously, patch gaps lasted around 35 days for Chrome versions prior to 77 and have been reduced to around 15 days with the implementation of a bi-weekly patch cycle. Now, new weekly updates address this gap.
Apple has similarly adjusted its approach recently, adding rapid security updates that can be rolled out between major versions of iOS and macOS to keep up with growing security threats.
However, this means that users will see more updates overall. Google also mentioned a new update notification experience that adds an update status message inside the green banner at the top right of the Chrome window. (Previously it just said “refresh”.) Users can click on it and select “restart to refresh”, and it helpfully indicates that their tabs will reopen, so don’t worry! It is currently in testing for 1 percent of users on the stable channel.