Details
Google Update manages installation of available Google Chrome updates from Google. This setting allows to define whether updates are to be applied automatically. Depending on the business scenario updates shall be applied periodically or also if the user seeks for updates.
Updates disabled: Never apply updates (0)
Always allow updates: Updates are always applied when found, either by periodic update check or by a manual update check (1)
Manual updates only: Updates are only applied when the user does a manual update check (2)
Automatic silent updates only: Updates are only applied when they are found via the periodic update check (3)
Disabled (0): Google Update handles available updates as specified by ‘Update policy override default’.
The recommended state for this setting is: Enabled with a value of Always allow updates (1) or Automatic silent updates (3)
NOTE: This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain.
Rationale:
Software updates shall be applied as soon as they are available since they may include latest security patches.
Impact:
Latest updates are automatically applied at least periodically.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Always allow updates (recommended) or Enabled: Automatic silent updates only:
Computer ConfigurationPolicesAdministrative TemplatesGoogleGoogle UpdateApplicationsGoogle ChromeUpdate policy override
Default Value:
Inherit the value from ‘Update policy override default’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.