Google is changing its approach by introducing weekly security updates for Chrome. The goal is to address vulnerabilities in the browser more swiftly and to close the gap that opens when patches are not promptly applied. This ‘patch gap’ emerges when a security flaw in open-source software has been fixed, but the fix hasn’t yet been integrated into the software built on that open-source foundation.
Chrome is built upon the open-source Chromium browser, whose source code is accessible to all, allowing vulnerabilities to be identified and resolved by the community. Besides the standard version of Chrome, there are also early testing versions called Canary and Beta. These testing versions precede the official release of Chrome and Chromium. Attackers can study the code of these testing versions to find vulnerabilities that haven’t yet been fixed in the stable release.
Since 2020, Chrome has received updates every two weeks, which reduced the patch gap from 35 days to 15 days. Now, by moving to a weekly update schedule, Google aims to reduce the patch gap for Chrome users further. In cases where zero-day vulnerabilities are actively exploited, Google will issue updates outside the regular schedule to protect users. However, Google expects that introducing a weekly patch cycle will decrease the need for unscheduled updates.