How safe is a Chromebook after it stops receiving Chrome OS updates?

In case you didn’t know already, every Chromebook has a predefined shelf life when it comes to getting Chrome OS updates. This is based on the CPU on your Chromebook, and Google has a website that shows when each Chromebook is no longer receiving these automatic software updates.

You can also see the date on your device itself: go to Settings, select About Chrome OS, then click Additional Details.

So what happens after your Chromebook has passed the auto-update period?

Well, for one, it still works. As always. And that’s good. However, at this point in time, no new features will be found in future Chrome OS updates.

That can’t be a big deal in the bigger picture. However, there is one bigger influence that you should be aware of. And that has to do with some kind of security patch.

When Google applies security updates to Chromebooks, the devices that are past the support date will not receive them. And that’s clearly not a good thing.

Nor is it something that you can completely tone down on your own. I mention this based on an email question I received from Jeff:

Does installing Edge or Firefox on a Chromebook that is no longer receiving updates provide security that Chrome no longer offers?

This is a great question and the answer deserves some explanation because the devil is in the details.

Yes, you can install Microsoft Edge on a Chromebook or any other browser that supports Android or Linux. And that browser receives software updates that contain all security patches. However, this only protects your browsing activities in that third-party browser. This is helpful, but not a complete security solution.

Edge browser on a Chromebook

Why? Because Chrome OS itself is the desktop platform that controls the show.

That is, while your browsing activities with Edge, Firefox, or any other browser offer security, the underlying software does not.

For example, Chrome OS runs on Linux. So if the Linux kernel needs a security patch and your device cannot receive the update, you are at risk. And while Chrome OS exploits were rare, blind reliance on an unpatched desktop operating system doesn’t make me feel warm, fuzzy.

So the shorter answer is, yes, an updated third-party browser will improve security on a Chromebook that is no longer receiving Chrome OS updates, but this is not an ideal situation.

But don’t panic. Do you remember when I said, “The way it looks now …”?

I have described the current situation, which is about to change in a potentially positive way.

First, Google bought Neverware earlier this year. If you are unfamiliar with this company, they make Chromium OS software images under the CloudReady brand that can turn older devices into Chrome devices.

Chromium OS is the open source version of Chrome OS; The latter has Google proprietary bits. So they are similar, but not exactly the same. It’s possible that Google’s takeover of Neverware will bring platform-level updates to older devices.

Second, Google is working to separate the Chrome browser from the Chrome OS itself. In essence, the browser is not integrated into the operating system, but integrated as a standalone app called LaCros. I’ve already covered LaCros, a Linux version of the Chrome browser, but here’s an overview of LaCros vs. Chrome vs. Chrome OS in case you need a refresher.

Lacros experimental on Chromebook
LaCros browser (yellow icon) on a Chromebook

This essentially allows Google to update the native Chrome OS browser after a Chromebook stops receiving Chrome OS updates. In a way, it’s the exact same approach Jeff asks for, only for Google’s own browser.

This approach is certainly helpful, but for maximum security, Chrome OS itself must receive security patches.

Note that Chrome OS was designed for security. And there have only been a handful of persistent Chrome OS exploits that remain active on a Chromebook after a reboot. So the security of Chromebooks without future Chrome OS updates doesn’t seem like a huge issue. At least not now.

Despite this relatively solid track record, I personally wouldn’t use an “expired” Chromebook and just trust it to be a safe experience. I would rather not take the risk. Instead, I’d buy a new Chromebook, knowing it will be receiving Chrome OS software updates for the next eight years. On the other hand, Neverware’s CloudReady integration could resolve the situation at some point in the future. That would breathe new, safer life into older Chromebooks.

About Willie Ash

Check Also

The newly found Lightning Framework offers a wealth of Linux hacking capabilities

The software framework has become indispensable for the development of almost all complex software nowadays. …