Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1
After keeping Chrome running on early Windows versions for two extra years, giving IT administrators time to update, Google has decided it won’t delay any further: Unless organizations upgrade to Windows 10 or 11 next year, they won’t be able to use Chrome. Browsers based on Chrome, such as Brave, are likely to be similarly affected.
Although Microsoft ended mainstream support for Windows 10 almost three years ago, it has maintained a “last resort option” in the form of its Extended Security Updates (ESU) program. ESU updates only contain security fixes, nothing else, and are designed to provide a lifeline for organizations that can’t move away from old products.
The sunsetting of Chrome for legacy Windows versions closely matches Microsoft’s support deadline for Windows 7 ESU and Windows 8.1 extended on January 10, 2023.
In early 2023, Chrome will officially end support for Windows 7 and 8.1 with the release of Chrome 110, which the company “tentatively” expects to happen on February 7. This means Chrome will continue to work on these platforms but will cease receiving critical updates and new features. And software that no longer gets updates is best uninstalled, as it poses a security risk.
Chrome is the most widely used web browser by far, with a market share of about 65%, which makes it a very tempting target for cybercriminals. Over the last few years it has suffered with a large number of critical vulnerabilities, with dozen of zero-days fixed. In just the last few months we’ve seen patches for a zero-day in July, a zero-day in August, and a zero-day in September, for example. The first line of defence against these problems is keeping the browser up to date and it helps enormously that Chrome updates itself.
When those automatic updates dry up early next year though, the risks of running an unsupported Chrome browser on an unsupported version of Windows will compound each month.
We suggest that you disconnect machines with legacy Windows versions from the Internet completely, and only run a web browser on those machines if it is used to view tools running on a network you control.