Track Chrome Browser usage and events

Applies for managed Chrome Browsers on Windows.

As a Chrome administrator, you can monitor Chrome Browser on your users’ Microsoft® Windows® computers by installing the Chrome Reporting Extension. With the extension, you can monitor health indicators, usage behavior, and security events.

What you can monitor

You can monitor the resource consumption of the Chrome Browser, signed-in status, connectivity, usage patterns, and browsing behavior. For more details, see Review and troubleshoot reports (below).

The extension data is stored in a structured log file in JSON format. You can use a common enterprise data-mining tool, such as Splunk or Microsoft System Center Configuration Manager (SCCM,) to ingest and parse the data.

Install the reporting extension

  1. Use the Group Policy Management Editor to force-install the Chrome Reporting Extension. See detailed steps for force-installing the extension.
  2. Download the Chrome Reporting Extension MSI.
  3. Deploy the MSI package using your preferred software.
  4. Download the ADMX templates to turn on or off real-time reporting.
  5. Check that the %LOCALAPPDATA%\Google\ChromeReporting path was created to verify MSI installation.
  6. Verify the extension was installed on users’ computers. The Chrome Web Store ID is emahakmocgideepebncgnmlmliepgpgb.

Try out the reporting extension (beta)

To test beta features in the reporting extension, download the beta MSI, beta ADMX policy templates, and beta version of the extension.

Manage extension data

Data collection location

Once installed and active, the extension collects data and stores it in a file located in %LOCALAPPDATA%\Google\ChromeReporting. The file is constantly updated with new data. We recommend removing the file after it’s ingested or using a log-rotation tool to rename the file and split logging intervals.

Note that in addition to the reporting extension, error reporting for Chrome Browser can also be found in the System Event Log. You can gather the data labeled “chrome” in this log to review other events. This data is not copied in the reporting extension file to avoid duplication.

Data collection frequency

The log file is updated once per minute (at most). How often data is collected depends on the activity.

  • Data that doesn’t frequently change is collected once when a user starts Chrome Browser or every 24 hours if the browser is left running.
  • Data that frequently changes, such as resource consumption, is gathered every hour.
  • User browsing behavior is aggregated at one-hour intervals.
  • Changes to the extension and browser sign-in status are updated immediately when the event happens.

Review and troubleshoot reports

Extensions and plugins

List of installed Chrome Extensions

Description: Extensions running on your users' devices, including version, any permissions needed, and installation source.

Used to: Detect anomalies and potential security risks. For example, you can:

  • Investigate force-installed extensions that are disabled. You can search for reports with type == "admin" and enabled == false. A force-installed extension that’s disabled can signal file corruption, malicious software, or users actively trying to prevent an extension from operating.
  • Locate programs that are not approved by your organization. You can find unpacked extensions installed from disk by searching for "developer" or "sideload".
  • Look for extensions that require wide or security-relevant permissions, such as extensions that request access to http://*/* or webRequestAPI. You can search for the permissions properties in the list of extensions in your report.

List of installed Plugins

Description: Installed plugins, such as Adobe® PDF® viewer and Flash® or PNaCl plugins.

Used to: Audit the plugins used in your organization. You can block any plugins that violate your organization's security policies.

Machine data

Machine name

Description: Name of the machine. This information can be considered Personally Identifiable Information (PII) and should be handled with care.

Used to: Uniquely pinpoint machines that need troubleshooting or are experiencing issues. It can also help with compliance or corporate policy investigations.

Network connectivity

Description: Information about the IP address, LAN, and internet status.

Used to: Diagnose issues with the network configuration of the browser. For example, you can use this information to diagnose proxy configuration problems or whether extensions interfere with network traffic.

OS and Chrome versions

Description: Operating system, version, and platform (x86, x64, or arm).

Used to: Diagnose issues that occur more frequently or exclusively on a particular operating system or browser version, or both.

Policy status

Description: Set of configured policies for Chrome.

Used to: Diagnose policy issues.

Telemetry data

Description: Metrics about how much CPU and memory Chrome Browser uses.

Used to: Help plan system upgrades and analyze performance issues caused by the browser or particular websites used in your organization.

UMA metrics and crashes

Description: This User Metrics Analysis (UMA) data contains technical information used by the Chrome Browser engineering team.

Used to: Debug Chrome crashes.

User data

Browsing History

Description: Aggregation (updated every hour) of the pages your users visit and the time they spend on each page (loaded, top tab, and focused tab time).

Used to: Find which sites employees spend the most time on, what errors they encounter, and whether any employees are violating any internet-usage policies.

Signed-in status

Description: Information about which user is signed in to Chrome Browser.

Used to: Identify users violating an internet-usage policy and verify the policy compliance of the Chrome Browser installation.

User behavior

Description: Browser usage on a per-site basis. Make sure that this information is collected according to local laws and regulations.

Used to: Track your users’ usage of apps and sites.

Windows/AD current username

Description: Username of the currently signed-in user if they’re in your Active Directory domain. This information can be considered Personally Identifiable Information (PII) and should be handled with care.

Used to: Figure out if issues are due to a machine or a user. Can also aid in finding misformatted group policy object (GPO) configurations.

Known issues

  • Crashes are only gathered from the default profile location, which is %LOCALAPPDATA%\Google\Chrome\User Data\. If a custom directory is used, crashes will not be recorded. For this reason, you should turn on automatic crash reporting.
  • No Google Safe Browsing data is gathered.
Was this article helpful?
How can we improve it?