Linux - Software - Install Google Chrome

What the Google Chrome Linux deployer does

This Automox Worklet™ deploys Google Chrome to Linux endpoints by automating the distribution-specific install path. The Worklet reads /etc/os-release to identify the package manager in use, then downloads the matching google-chrome-stable package from https://dl.google.com/linux/direct/ and hands it to the native installer. The DEB path runs dpkg -i ./google-chrome-stable_current_amd64.deb against the downloaded Debian package; the RPM path runs dnf localinstall ./google-chrome-stable_current_x86_64.rpm against the downloaded RPM.

Supported distributions cover the enterprise Linux releases that matter in practice: Ubuntu 18.04 and later, Debian 10 and later, Fedora 32 and later, and openSUSE 15.2 and later. The Worklet exits with status 0 and skips remediation when google-chrome-stable is already present, so a recurring policy sweeps a mixed distribution group without re-downloading the package on every pass.

Why deploy Google Chrome from a central runtime

Chrome is commonly used to access identity providers, SaaS admin consoles, help-desk portals, and WebAuthn-protected services on the Linux endpoint. A Linux laptop running a Chrome build several milestones behind current is missing V8 and Skia patches that Google ships on a four-week stable cadence with weekly security updates. Google publishes Chrome security releases on a faster cadence than most distribution repositories track, so leaving the install to whatever lands in the default mirror produces persistent version skew across hosts that should be running the same build.

Schedule this Worklet against the Linux developer workstation group so the same google-chrome-stable build lands on every Ubuntu, Debian, Fedora, and openSUSE host under management. Subsequent Automox patch policies keep the build current from the same channel.

How Google Chrome deployment works

1. Evaluation phase: The Worklet sources /etc/os-release to identify the distribution family and selects the matching package query. On Fedora and openSUSE it runs rpm -qa | grep -qi google-chrome-stable; on Debian and Ubuntu it runs apt list --installed | grep -qi google-chrome-stable. If google-chrome-stable is registered in the package database, the script exits 0 and remediation is skipped. If the package is missing, the endpoint is flagged non-compliant and remediation is scheduled on the next run.

2. Remediation phase: The script branches on the package manager. On Debian and Ubuntu, it fetches https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb with wget, then runs dpkg -i ./google-chrome-stable_current_amd64.deb to install the package. On Fedora and openSUSE, it pulls google-chrome-stable_current_x86_64.rpm from the same dl.google.com path and runs dnf localinstall -y ./google-chrome-stable_current_x86_64.rpm against the downloaded RPM, which resolves libnss3, libgbm1, and fontconfig dependencies. The script then re-queries the package database to confirm google-chrome-stable is registered and exits 0 on success or 1 if the install did not register.

Google Chrome deployment requirements

• 64-bit Linux endpoint running Ubuntu 18.04+, Debian 10+, Fedora 32+, or openSUSE 15.2+ (Google does not publish a 32-bit google-chrome-stable build)

• Root or sudo privileges for the Automox agent so apt-get install or yum install can write to /var/lib/dpkg or /var/lib/rpm (the default agent context already meets this)

• wget available on the endpoint for downloading the package from dl.google.com (install via apt-get install wget or yum install wget if missing)

• Outbound HTTPS connectivity from the endpoint to dl.google.com on TCP 443; allow the host through any egress proxy or firewall rule that filters outbound web traffic

• FixNow compatible: trigger the Worklet from the Automox console for an immediate single-endpoint deploy when a user reports a missing browser

Expected Google Chrome state after deployment

After a successful run the endpoint has the current google-chrome-stable build installed and registered in the native package database. On Debian and Ubuntu, dpkg -l google-chrome-stable returns a row marked ii with the installed version; on Fedora and openSUSE, rpm -q google-chrome-stable returns the same. The /etc/apt/sources.list.d/google-chrome.list file (Debian family) or /etc/yum.repos.d/google-chrome.repo (RPM family) is registered as part of the install, so future apt-get upgrade or yum update runs pick up new Chrome releases from the same Google channel that delivered this one.

Validate by running google-chrome --version on the endpoint and comparing the output to the current stable version published on the Chrome Releases blog. Launch the browser from the desktop environment or run google-chrome --headless --dump-dom https://www.google.com from a shell to confirm the binary is on PATH and the GPU and font dependencies resolved. Subsequent Automox policy runs against this Worklet exit 0 with no action because the evaluation phase finds google-chrome-stable already installed; the install is only repeated if the package is removed. From that point on, an Automox patch policy targeting google-chrome-stable picks up new releases from the same Google channel.