Manage updates on Chrome devices

As a Chrome administrator, you can manage Chrome operating system (OS) updates for devices in your organization. Chrome releases a full OS update about every 6 weeks. Minor updates, such as security fixes and software updates, happen every 2–3 weeks. The average full Chrome OS update is over 400 MB and minor updates are about 50 MB.

To keep Chrome devices secure and up to date, we recommend using automatic updates instead of manually updating devices. If your organization deploys thousands of devices or if you have bandwidth restrictions, you might need to customize how updates are deployed.

Configure auto-updates

Turn on auto-updates (recommended)

By default, Chrome devices update to the latest version of Chrome when it’s available. We recommend that you keep the default auto-update settings. That way, your users' devices will automatically update to new versions of Chrome OS as they’re released on the Stable channel. Your users will get critical security fixes and new features as they become available.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device managementand thenChrome management.

    If you don't see Device management on the Home page, click More controls at the bottom.

  3. Click Device settings.
  4. On the left, select the organization that contains the devices that you want to make settings for.

    For all devices, select the top-level organization. Otherwise, select a child organization. Learn more 

  5. Go to Device Update Settings and then Auto Update Settings.
  6. From the Auto Update menu, select Allow auto-updates.
  7. At the bottom, click Save.
Turn off auto-updates (for testing)

If a Chrome OS release causes an issue in your organization, you can turn off auto-updates until the issue is resolved. You can also turn off auto-updates if your organization wants instead to push updates manually.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device managementand thenChrome management.

    If you don't see Device management on the Home page, click More controls at the bottom.

  3. Click Device settings.
  4. On the left, select the organization that contains the devices that you want to make settings for.

    For all devices, select the top-level organization. Otherwise, select a child organization. Learn more 

  5. Go to Device Update Settings and then Auto Update Settings.
  6. From the Auto-update menu, select Stop auto-updates.
  7. At the bottom, click Save.
Use peer-to-peer automatic updates
If peer-to-peer (P2P) networking is available, devices can automatically update Chrome from nearby devices of the same model. This option reduces external network traffic. If P2P automatic updating fails or isn’t possible on your network, devices update as usual. They either download the update from Google’s servers or an intermediate web-caching proxy server.

For P2P automatic updating to work:

  • Your organization’s network needs to allow P2P connectivity.
  • Multicast DNS (mDNS) shouldn’t be filtered or blocked on the local area network (LAN).

Customize updates

Pin Chrome OS updates to a specific version

Not recommended. Google Cloud supports only the latest version of Chrome OS.

We recommend that users be on the latest version of Chrome, but sometimes you might need to specify which version your devices run. For example, a later version of Chrome OS might cause compatibility issues with tools in your domain. Or, you might find a critical issue while testing devices on the Beta channel.

You should avoid pinning to a certain version as much as possible. If you forget to unpin versions, devices can fall behind on critical security updates and miss out on new features.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device managementand thenChrome management.

    If you don't see Device management on the Home page, click More controls at the bottom.

  3. Click Device settings.
  4. On the left, select the organization that contains the devices that you want to make settings for.

    For all devices, select the top-level organization. Otherwise, select a child organization. Learn more 

  5. Go to Device Update Settings and then Auto Update Settings.
  6. From the Restrict Google Chrome version to at most menu, select a Chrome OS version. Devices are prevented from updating to versions of Chrome OS beyond the version number you choose. For example, choose 65 to prevent devices from updating past Chrome version 65.
  7. At the bottom, click Save.

Troubleshooting

You can configure one or more of your Chrome devices to use the development (Dev) or Beta channel to help identify compatibility issues in upcoming versions of Chrome. For more information, see Chrome release best practices.

Stagger updates to reduce bandwidth usage on a network
Recommended if bandwidth is an issue

If your organization is deploying thousands of Chrome devices or you have network bandwidth restrictions, consider scattering automatic updates. You can scatter updates over a period of days, but you should choose the fewest days possible, such as 2 or 3. If you scatter updates over a longer period, some users might fall behind by more than one version.

The downloads occur at various times during this period to avoid causing traffic spikes that can impact old or low-bandwidth networks. Devices that are offline during this period download the update when they go back online.

You should set this policy to its default (none) or a low number unless you know your network cannot handle traffic spikes. A low number lets users benefit from new Chrome enhancements and features quicker. It also minimizes the number of concurrent versions in your organization and simplifies change management during the update period.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device managementand thenChrome management.

    If you don't see Device management on the Home page, click More controls at the bottom.

  3. Click Device settings.
  4. On the left, select the organization that contains the devices that you want to make settings for.

    For all devices, select the top-level organization. Otherwise, select a child organization. Learn more 

  5. Go to Device Update Settings and then Auto Update Settings.
  6. From the Randomly scatter auto-updates over menu, select the period of time to scatter the updates, for example, 2 or 3 days.
  7. At the bottom, click Save.
Speed up updates
Recommended for all organizations

After an update gets applied to a Chrome device, users restart their devices for it to take effect. They get a notification prompting them to restart, but they might not restart the device for some time.

If you want devices to restart sooner, you can sign users out when the device lid is closed. That way, if a user doesn’t restart a device after an update and then closes the lid, the device restarts and completes the update.

Be sure to let users know that they should save their work before they close the lid so they don't lose it.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device managementand thenChrome management.

    If you don't see Device management on the Home page, click More controls at the bottom.

  3. Click User settings
  4. On the left, select the organization that contains the users you want to make settings for.

    For all users, select the top-level organization. Otherwise, select a child organization. Learn more

  5. Go to Security and then Idle Settings.
  6. From the Action on lid close menu, select Logout.
  7. At the bottom, click Save.

Cache updates to reduce bandwidth

If your organization has an intermediate proxy cache set up on its network, you can use it to cache Chrome OS updates. Because these updates are downloaded from Google over HTTP, they can be cached on most web-caching proxy servers. Proxy caches reduce bandwidth and improve response times by caching and reusing frequently requested webpages.

However, many proxy cache default settings aren’t optimal for Chrome OS updates. To make sure that your proxy cache software can cache Chrome OS updates, experienced IT administrators can configure the following settings:

  • Maximum file object size—The maximum individual file size that the proxy will cache. For most web-caching proxy servers, the default maximum is smaller than the average Chrome OS update. Updates are downloaded as one file, so make sure that the maximum file object size is at least 1 GB.
  • Cache directory size—By default, some web-caching proxy servers cache objects in memory. Most of these servers can also be configured to cache to disk. Ensure that the cache has adequate storage space, either in memory or on disk. Browsers retrieve objects cached in memory faster than on the hard disk.
  • URL settings—If the server allows you to add settings for particular domains, give preference to dl.google.com, which is where devices get Chrome OS updates.
  • Maximum object size in memory—Servers don't keep objects larger than the specified value in memory. This value needs to be set high enough to keep Chrome OS updates in memory, but low enough to keep larger objects from hoarding the cache memory. Set the maximum object size in memory at a reasonable limit, such as 2,000 KB.
  • Cache space on disk—The total amount of hard disk space that the server can use to cache objects. If you have a large hard drive (more than 30 GB), you can increase the value to cache more objects.

Related topics

Was this article helpful?
How can we improve it?