How secure is a Chromebook after it stops getting Chrome OS updates?
If you didn’t already know, every Chromebook has a pre-determined shelf life when it comes to getting Chrome OS updates. This has people wondering: are Chromebooks secure? The software update expiration date is based on the CPU inside your Chromebook. Google has a site showing when every Chromebook will stop getting these automatic software updates.
You can also see the date on your device itself: Go into Settings, choose About Chrome OS and then click Additional details.
So what happens after your Chromebook passes the automatic update time period?
Well, it still works, for one thing. Just like it always did. And that’s good. But it won’t get any new features found in any future Chrome OS updates at that point.
That may not be a big deal in the overall picture. However, there is a larger impact that you should be aware of. And that has to do with any security patches.
As it stands now if Google pushes any security fixes to Chromebooks, the devices that are beyond the support date won’t get them. And that’s clearly not good.
Nor is it something you can completely mitigate on your own. I mention this because of an email question I received from Jeff:
Does installing edge or Firefox to a Chromebook that is no longer receiving updates does it provide you security that Chrome does no longer provide?
This is a great question and the answer deserves some explanation because the devil’s in the details.
Yes, you can install Microsoft Edge on a Chromebook, or any alternative browser that supports Android or Linux. And that browser will get software updates, which includes any security patches. However, this only protects your browsing activities in that third-party browser. That’s helpful but it’s not a full security solution.
Why? Because Chrome OS itself is the desktop platform controlling the show.
That means while your browsing activity with Edge, Firefox, or some other browser offers security, the underlying software does not.
Chrome OS runs on Linux, for example. So if the Linux kernel needs a security patch and your device can’t receive the update, you’re at risk. And even though Chrome OS exploits have been few and far between, blindly relying on an unpatched desktop operating system doesn’t give me a warm fuzzy feeling.
So the shorter answer is: Yes, an updated third-party browser improves security on a Chromebook no longer receiving Chrome OS updates, but it’s not an ideal situation.
Don’t panic just yet though. Remember how I said, “As it stands now…”?
I’ve described the current situation, which is in the process of changing in potentially positive ways.
First, Google bought Neverware earlier this year. If you’re not familiar with that company, it makes Chromium OS software images under the CloudReady brand that can turn older devices into Chrome devices.
Chromium OS is the open-source version of Chrome OS; the latter has Google proprietary bits. So they’re similar but not exactly the same. It’s possible that Google’s acquisition of Neverware will bring platform-level updates to older devices.
Second, Google is working to split the Chrome browser from Chrome OS itself. Essentially instead of having the browser baked into the operating system, it will be integrated as a standalone app called LaCros. I’ve covered LaCros before, which is a Linux version of the Chrome browser, but here’s an overview of LaCros vs Chrome vs Chrome OS if you need a refresher.
This essentially lets Google update the native Chrome OS browser after a Chromebook stops getting Chrome OS updates. In a sense, it’s the exact same approach that Jeff is asking about, only it’s for Google’s own browser.
Surely, this approach is helpful, but for maximum security, Chrome OS itself needs to get security patches.
Keep in mind that Chrome OS was designed with security in mind. And there has only been a handful of persistent Chrome OS exploits that stay active on a Chromebook after a reboot. So Chromebook security without future Chrome OS updates doesn’t appear to be a major issue. At least, not yet.
Even with that relatively solid track record, I personally wouldn’t use an “expired” Chromebook and just trust that it’s a secure experience. I’d rather not take the chance. Instead, I would purchase a new Chromebook, knowing that for the next eight years or so it will get Chrome OS software updates. Then again, Neverware’s CloudReady integration might resolve the situation at some point in the future. That would give new, secure life to older Chromebooks.
32 thoughts on “How secure is a Chromebook after it stops getting Chrome OS updates?”
Comments are closed.
I have a question. Which is more secure an expired Chromebook or a PC running Linux?
An up to date Linux computer will be more secure than an expired Chromebook, or any system bit receiving updates. Linux is also like Chrome OS in that malware is much less common than Windows.
I understand that no software maker wants to support hardware forever, but eight years still seems low. Especially given that Chrome keeps getting support extended on Win 7 – now until Jan 22. So Chrome has been on Win 7 for 12 years, surely they should support hardware running their own OS just as long. Other features such a live caption worked first on Chrome Windows too. Seems Windows users are more important to Google than people who are investing in their own OS, that’s just poor customer service.
The things in this article will improve things, but 8 years is too low 10-12 would be better, I’m not asking for infinite support just a bit fairer. Us users who love Chrome OS and buy high end Chromebook feel really let down by this. This is something that will not be forgotten or forgiven for a long time. For an OS that is still barely known outside of USA supporting longer was a huge selling point.
I have one of these out of support chromebook. It was working fine until recently, when it was unable to properly display most online shipping websites. Well, my solution was to install full Linux on it, which I did and it worked just fine.
That’s interesting! I’d always assumed that was possible, but not heard of anybody actually doing it before now. Care to share more details (eg model/specs, Linux distro, how easy/hard to do, performance after vs before)?
Unless things have changed Neverware can’t be installed on Chromebooks – it was designed for older (eg Windows) computers. I have tried and failed!
I was told you need to make a hardware modification (remove a link or a screw) before Neverware can run on a Chromebook – this isn’t necessary on an Intel/AMD device running Windows. I can run Neverware on a Lenovo Yoga i5 laptop by simply installing an image from a USB stick and it runs very well. I’ve never tried installing on an existing Chromebook configured machine. Lots of info if you Google the subject.
I have a Google Pixel Chromebook 2015 with i7 processor and 16gb RAM – much higher spec than most “high end” chromebooks available today but still Google think it should be trashed. I am not going to replace it with another chromebook – in fact I bought a high end Windows laptop instead because I am not going to be suckered twice.
For now my wife uses it occasionally (she has far fewer security issues than me as she doesn’t use online banking etc) but at some time I guess I will bite the bullet and install Linux. This machine likely has 3-4 years more to offer if the security issues can be resolved – it is still fast and reliable in every other way!
Who know how up-to-date you cromebook drivers?
I’ve taken c720’s, removed the write protect screw, flashed the bios.. installed neverware.. works with all the updates.
Ok I admit im not good with computers and such like. But seeing al singing and dancing advertisements about chromebook. I bought a chromebook 2 months ago thinking it would help me with my Garmin 1030 bycycle gps.
But no, chromebook will not support it. I’ve found other things won’t work on chromebook. Overall my android mobile does things far better than chromebook. I wish I had bought a “proper” laptop I feel I need to chuck it away , bin it and get a real laptop.
If you have an out-of-support Chromebook, I very much recommend that you try and install Neverware Cloudready on it – especially if it’s a higher spec computer. Yes, you need open it up to remove the security screw, but that’s a few mintutes’ job in most cases. Cloudready runs on my old Lenovo Chromebook with only a couple of minor issues, and gets regular updates. (By the way, this has been the fate of my old Win laptops and Macbooks as well – they were too slow to run even decent Linux distros but work really well with Cloudready.)
Chromebooks are pointless. You cannot do anything on them, other than browse the internet etc. I am a developer and have 2 Chromebooks, which were promotion freebies. Would never buy one. I hardly ever use them. One has just turned “obsolete” now anyway. Don’t bother imo
Would it be possible to install Windows on an expired Chromebook as it were a regular computer?
It is possible, depending on the device. Some are easier than others to get an alternative OS installed and some are nearly impossible. I recommend checking your specific Chromebook model here to see if you can get Windows installed in place of Chrome OS: https://www.reddit.com/r/chrultrabook/comments/aufp1q/getting_started_read_this_first/
Thanks a lot for the post and the quick answer, Kevin.
Hello, I have a question. Can I still use my android apps when my chrome os expires?
Yes you can. No existing functionality is limited after the software support date.
I agree. I bought my Chromebook under the illusion the model was only one year old. After setting it up, find that it was only scheduled to receive updates for 4 years. Having to update your laptop (Chromebook) greatly increases the real cost.
One of the biggest issues is that many people aren’t aware of this expiration date when buying a Chromebook and may end up getting a discounted one thinking that they are getting a deal but finding out that their “new chromebook” is near or beyond the expiration date.
My chromium os stop receiving updates only 2 years after I purchased my Chromebox, but we keep getting told equipment should be made to last to protect the planet. That does not give me encouragement to upgrade to another computer because manufacturers don’t support the equipment for very long. If you think 8 years of updates isn’t long then what about 2 years in my case. Frankly, I have lost trust in companies who say they offer support but in reality, they don’t. My last update was 2019 to version 76.0.3809.136
Hi I have a question I have a chrome book which has just had its final update. Am I still okay to buy things online or can my information get stolen. I won’t be using it for online banking as I think that would be rather risky. If I buy online can my details and card numbers be stolen by a hacker. I’m not too good with most technology
Your “obsolete” Chromebook will not suddenly become unsafe from one day to the other, but will get less and less safe to use as time goes by. It is possible to install Linux or Cloudready (soon to be Chrome OS Flex) on an unsupported Chromebook (I did the latter), but it’s not trivial. If you don’t want to go down this route, I would buy a new Chromebook which is supported for many years to come.
One big problem is the difficulty in finding out the expiration date of a chromebook before you buy it. Chromebook model numbers are notoriously difficult to reconcile with Google’s list.
I have a Samsung Chromebook 3, and it recently got cut off from support. It has 16GB of storage, too little for anything other than Chrome OS, and is now basically a paperweight 3 years after I bought it.
Not necessarily. If it’s the Samsung Chromebook 3 from 2016, it’s on the supported devices list at Mr. Chromeboxes site here. https://mrchromebox.tech/#devices Meaning, you can “unlock” it from Chrome OS and install Linux or Windows. A lite Linux distro can easily fit on the drive.
well I just screwed myself because I didn’t know about this end of life thing and I just bought this from someone 2 weeks ago. it’s actually my first computer because I use my phone for mostly everything. looks like it will be my last because not every one can just go buy a new computer. this is irksome like I have a headache now.
Not necessarily. There’s a chance that ChromeOS Flex can be installed on your device even though it’s really intended to turn older Macs and PCs into Chromebook-like appliances. https://www.aboutchromebooks.com/how-to/how-to-install-chrome-os-flex-the-hard-way/
I got this chrombook acer 15 gets chrome os when signing in for my birthday A year or more ago, for it to stop working cuz of company not supporting it anymore doesn’t say much for trustworthy product says alot about how much they value their customers like my 90yr old mom who bought it for me. What a shame!!
the scenario I worry about is installing a couple games or other 3rd party apps that exploit some unpatched low-level system vulnerability that has nothing to do with the browser, but can harvest your bank or google ids and passwords etc. just while the chromebook is running. eventually I will just landfill these free chromebooks or maybe install linux on them might be fun and safe.
BTW i have yet to find an online seller who knows the EOL date for what they sell.
those i contacted did not know what the EOL is.
open it up change the sd then go to mr crhomebox online to flash the bios. Install Mint XFCE 22 and enjoy…(;>)