Google to stop patching Chrome for 60M Android users this May

Google is deprecating Android 4.0 (Ice Cream Sandwich) support for Chrome with the final update expected to arrive in April and no more security patches from mid-May.

The roughly 60 million owners of devices running Android 4.0 Ice Cream Sandwich (ICS) have about three months to upgrade to a newer OS if they want to avoid running outdated versions of Chrome — one of the most important apps in Android.

Chrome 42, two versions after the current latest version, will be the last version of Chrome Google delivers for Android Ice Cream Sandwich (ICS), Google confirmed today.

ICS was released in late 2011 and has since been superseded by Jelly Bean, KitKat and Lollipop.

Explaining the decision, Google software engineer Aurimas Lutikas said that supporting ICS was detracting from its other work on Chrome, adding that the ICS user base had declined significantly.

“In the last year, we’ve seen the number of Chrome users running ICS drop by thirty percent. Developing new features on older phones has become increasingly challenging, and supporting ICS takes time away from building new experiences on the devices owned by the vast majority of our users,” .

Google expects Chrome 42 to ship around mid-April and following that, and will keep providing patches up until Chrome 43 is released around mid-May.

“We will continue to issue patches while Chrome 42 is the most recent Chrome version. Once Chrome 43 is released, we don’t plan to issue further updates for ICS devices,” Google explained in an FAQ.

Currently there are over one billion active Android smartphones. According to Google’s March version-distribution for Android, ICS represents 5.9 percent of the total. That makes the version small by comparison to Jelly Bean, which accounts for 44 percent, and KitKat, which accounts for 40.9 percent. Lollipop, the newest version of Android accounts for 3.3 percent.

While ICS’ usage is likely to decline further by May, today’s 5.9 percent share would mean there are 59 million ICS devices still in use.

Somewhat oddly, Google is supporting ICS in its new Android for Work program via the Android for Work App (which is also available for Jelly Bean and Kit Kat devices).

Deprecating ICS for Chrome also removes one of the key recommendations Google had for users after it announced it would stop developing security patches for WebView in Android 4.3 and below.

WebView powers the stock Android browser in Android 4.3 and below (with KitKat, Chrome became the default browser). In January, a senior Google Android engineer advised users on these older versions to use either Chrome or Mozilla’s Firefox browser.

Come May, ICS users will have just Firefox as the sole recommended browser.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Upcoming IT Security Events

March 3rd, March 5th, March 9th 2015

Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec

3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today

Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)

Join the CSO newsletter!

Error: Please check your email address.

Tags VulnerabilitiesLollipopWebViewupdatesjelly beanAurimas LutikasKitKatchromeCSO AustraliaAndroid 4.3Android usersGoogleAndroid Ice Cream Sandwich (ICS)

More about CSOEnex TestLabGoogleIT SecurityMozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place