Chrome OS updates AUE featured

How secure is a Chromebook after it stops getting Chrome OS updates?

If you didn’t already know, every Chromebook has a pre-determined shelf life when it comes to getting Chrome OS updates. This has people wondering: are Chromebooks secure? The software update expiration date is based on the CPU inside your Chromebook. Google has a site showing when every Chromebook will stop getting these automatic software updates.

You can also see the date on your device itself: Go into Settings, choose About Chrome OS and then click Additional details.

Chrome OS updates

So what happens after your Chromebook passes the automatic update time period?

Well, it still works, for one thing. Just like it always did. And that’s good. But it won’t get any new features found in any future Chrome OS updates at that point.

That may not be a big deal in the overall picture. However, there is a larger impact that you should be aware of. And that has to do with any security patches.

As it stands now if Google pushes any security fixes to Chromebooks, the devices that are beyond the support date won’t get them. And that’s clearly not good.

Nor is it something you can completely mitigate on your own. I mention this because of an email question I received from Jeff:

Does installing edge or Firefox to a Chromebook that is no longer receiving updates does it provide you security that Chrome does no longer provide?

This is a great question and the answer deserves some explanation because the devil’s in the details.

Yes, you can install Microsoft Edge on a Chromebook, or any alternative browser that supports Android or Linux. And that browser will get software updates, which includes any security patches. However, this only protects your browsing activities in that third-party browser. That’s helpful but it’s not a full security solution.

Edge browser on a Chromebook

Why? Because Chrome OS itself is the desktop platform controlling the show.

That means while your browsing activity with Edge, Firefox, or some other browser offers security, the underlying software does not.

Chrome OS runs on Linux, for example. So if the Linux kernel needs a security patch and your device can’t receive the update, you’re at risk. And even though Chrome OS exploits have been few and far between, blindly relying on an unpatched desktop operating system doesn’t give me a warm fuzzy feeling.

So the shorter answer is: Yes, an updated third-party browser improves security on a Chromebook no longer receiving Chrome OS updates, but it’s not an ideal situation.

Don’t panic just yet though. Remember how I said, “As it stands now…”?

I’ve described the current situation, which is in the process of changing in potentially positive ways.

First, Google bought Neverware earlier this year. If you’re not familiar with that company, it makes Chromium OS software images under the CloudReady brand that can turn older devices into Chrome devices.

Chromium OS is the open-source version of Chrome OS; the latter has Google proprietary bits. So they’re similar but not exactly the same. It’s possible that Google’s acquisition of Neverware will bring platform-level updates to older devices.

Second, Google is working to split the Chrome browser from Chrome OS itself. Essentially instead of having the browser baked into the operating system, it will be integrated as a standalone app called LaCros. I’ve covered LaCros before, which is a Linux version of the Chrome browser, but here’s an overview of LaCros vs Chrome vs Chrome OS if you need a refresher.

Lacros on Chromebook experimental
LaCros browser (yellow icon) on a Chromebook

This essentially lets Google update the native Chrome OS browser after a Chromebook stops getting Chrome OS updates. In a sense, it’s the exact same approach that Jeff is asking about, only it’s for Google’s own browser.

Surely, this approach is helpful, but for maximum security, Chrome OS itself needs to get security patches.

Keep in mind that Chrome OS was designed with security in mind. And there has only been a handful of persistent Chrome OS exploits that stay active on a Chromebook after a reboot. So Chromebook security without future Chrome OS updates doesn’t appear to be a major issue. At least, not yet.

Even with that relatively solid track record, I personally wouldn’t use an “expired” Chromebook and just trust that it’s a secure experience. I’d rather not take the chance. Instead, I would purchase a new Chromebook, knowing that for the next eight years or so it will get Chrome OS software updates. Then again, Neverware’s CloudReady integration might resolve the situation at some point in the future. That would give new, secure life to older Chromebooks.

About the author

Kevin C. Tofel has covered technology since 2004. He's used ChromeOS since Google debuted the CR-48 in 2010, reviewing dozens of Chromebooks since then. He worked for Google's Chrome Enterprise team from 2016 to 2017, supporting the launch of Android app support. In his free time, he uses Chromebooks to learn software engineering at Launch School. In 2019, Kevin joined the CS Curriculum Committee at his local community college.

Liked this content? Subscribe for the free, weekly newsletter

32 thoughts on “How secure is a Chromebook after it stops getting Chrome OS updates?

    1. An up to date Linux computer will be more secure than an expired Chromebook, or any system bit receiving updates. Linux is also like Chrome OS in that malware is much less common than Windows.

  1. I understand that no software maker wants to support hardware forever, but eight years still seems low. Especially given that Chrome keeps getting support extended on Win 7 – now until Jan 22. So Chrome has been on Win 7 for 12 years, surely they should support hardware running their own OS just as long. Other features such a live caption worked first on Chrome Windows too. Seems Windows users are more important to Google than people who are investing in their own OS, that’s just poor customer service.

    The things in this article will improve things, but 8 years is too low 10-12 would be better, I’m not asking for infinite support just a bit fairer. Us users who love Chrome OS and buy high end Chromebook feel really let down by this. This is something that will not be forgotten or forgiven for a long time. For an OS that is still barely known outside of USA supporting longer was a huge selling point.

  2. I have one of these out of support chromebook. It was working fine until recently, when it was unable to properly display most online shipping websites. Well, my solution was to install full Linux on it, which I did and it worked just fine.

    1. That’s interesting! I’d always assumed that was possible, but not heard of anybody actually doing it before now. Care to share more details (eg model/specs, Linux distro, how easy/hard to do, performance after vs before)?

  3. Unless things have changed Neverware can’t be installed on Chromebooks – it was designed for older (eg Windows) computers. I have tried and failed!

  4. I was told you need to make a hardware modification (remove a link or a screw) before Neverware can run on a Chromebook – this isn’t necessary on an Intel/AMD device running Windows. I can run Neverware on a Lenovo Yoga i5 laptop by simply installing an image from a USB stick and it runs very well. I’ve never tried installing on an existing Chromebook configured machine. Lots of info if you Google the subject.

  5. I have a Google Pixel Chromebook 2015 with i7 processor and 16gb RAM – much higher spec than most “high end” chromebooks available today but still Google think it should be trashed. I am not going to replace it with another chromebook – in fact I bought a high end Windows laptop instead because I am not going to be suckered twice.

    For now my wife uses it occasionally (she has far fewer security issues than me as she doesn’t use online banking etc) but at some time I guess I will bite the bullet and install Linux. This machine likely has 3-4 years more to offer if the security issues can be resolved – it is still fast and reliable in every other way!

  6. I’ve taken c720’s, removed the write protect screw, flashed the bios.. installed neverware.. works with all the updates.

  7. Ok I admit im not good with computers and such like. But seeing al singing and dancing advertisements about chromebook. I bought a chromebook 2 months ago thinking it would help me with my Garmin 1030 bycycle gps.
    But no, chromebook will not support it. I’ve found other things won’t work on chromebook. Overall my android mobile does things far better than chromebook. I wish I had bought a “proper” laptop I feel I need to chuck it away , bin it and get a real laptop.

  8. If you have an out-of-support Chromebook, I very much recommend that you try and install Neverware Cloudready on it – especially if it’s a higher spec computer. Yes, you need open it up to remove the security screw, but that’s a few mintutes’ job in most cases. Cloudready runs on my old Lenovo Chromebook with only a couple of minor issues, and gets regular updates. (By the way, this has been the fate of my old Win laptops and Macbooks as well – they were too slow to run even decent Linux distros but work really well with Cloudready.)

  9. Chromebooks are pointless. You cannot do anything on them, other than browse the internet etc. I am a developer and have 2 Chromebooks, which were promotion freebies. Would never buy one. I hardly ever use them. One has just turned “obsolete” now anyway. Don’t bother imo

      1. I agree. I bought my Chromebook under the illusion the model was only one year old. After setting it up, find that it was only scheduled to receive updates for 4 years. Having to update your laptop (Chromebook) greatly increases the real cost.

  10. One of the biggest issues is that many people aren’t aware of this expiration date when buying a Chromebook and may end up getting a discounted one thinking that they are getting a deal but finding out that their “new chromebook” is near or beyond the expiration date.

  11. My chromium os stop receiving updates only 2 years after I purchased my Chromebox, but we keep getting told equipment should be made to last to protect the planet. That does not give me encouragement to upgrade to another computer because manufacturers don’t support the equipment for very long. If you think 8 years of updates isn’t long then what about 2 years in my case. Frankly, I have lost trust in companies who say they offer support but in reality, they don’t. My last update was 2019 to version 76.0.3809.136

  12. Hi I have a question I have a chrome book which has just had its final update. Am I still okay to buy things online or can my information get stolen. I won’t be using it for online banking as I think that would be rather risky. If I buy online can my details and card numbers be stolen by a hacker. I’m not too good with most technology

  13. Your “obsolete” Chromebook will not suddenly become unsafe from one day to the other, but will get less and less safe to use as time goes by. It is possible to install Linux or Cloudready (soon to be Chrome OS Flex) on an unsupported Chromebook (I did the latter), but it’s not trivial. If you don’t want to go down this route, I would buy a new Chromebook which is supported for many years to come.

  14. One big problem is the difficulty in finding out the expiration date of a chromebook before you buy it. Chromebook model numbers are notoriously difficult to reconcile with Google’s list.

  15. I have a Samsung Chromebook 3, and it recently got cut off from support. It has 16GB of storage, too little for anything other than Chrome OS, and is now basically a paperweight 3 years after I bought it.

  16. well I just screwed myself because I didn’t know about this end of life thing and I just bought this from someone 2 weeks ago. it’s actually my first computer because I use my phone for mostly everything. looks like it will be my last because not every one can just go buy a new computer. this is irksome like I have a headache now.

  17. I got this chrombook acer 15 gets chrome os when signing in for my birthday A year or more ago, for it to stop working cuz of company not supporting it anymore doesn’t say much for trustworthy product says alot about how much they value their customers like my 90yr old mom who bought it for me. What a shame!!

  18. the scenario I worry about is installing a couple games or other 3rd party apps that exploit some unpatched low-level system vulnerability that has nothing to do with the browser, but can harvest your bank or google ids and passwords etc. just while the chromebook is running. eventually I will just landfill these free chromebooks or maybe install linux on them might be fun and safe.

  19. BTW i have yet to find an online seller who knows the EOL date for what they sell.
    those i contacted did not know what the EOL is.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top