> Shouldn't browsers update themselves these days?

Looking over the shoulder of a user who’s fairly savvy—but doesn’t understand just how horrifying browser security is—revealed at least one pitfall to me: an update needs a restart of the browser, and a prompt to restart appears specifically when the user turns to the browser, presumably, in order to use it, that is, at the worst possible moment. As a result, it gets postponed indefinitely.

(Forced restarts when the browser thinks you’re not using it are also a bad idea for reasons that are hopefully obvious to anybody who’s used a modern version of Windows. That is not even counting the general vibe of knowing better than the user what they want, which I just instinctively dislike.)

Just like Chrome had a whole thing about process isolation to avoid crashing the entire system, it would be quite excellent if they could figure out how to effectively update at a tab-based level. New tab? Get the newest Chrome in the tab.

Obviously would be quite frustrating to debug a thing only to realize tab A is version 1 and tab B is version 2 of course. And it seems like it would require a massive amount of effort. Would be cool though!

Doesn't chrome also put tabs into "standby" (i.e. kill them) by default? Then this would update most tabs for most users.

Why not update all tabs at once then?

The key feature would be to maintain the exact state of a tab between process restarts.

Then they could restart the whole browser without the user noticing

If you use an ESR browser, you’ll get security updates, but not new features. Some users prefer this as providing more stability and possibly better security.

Firefox ESR is updated with new features about once per year, so that’s probably the minimum time one should assume for new features to become universally available.

> Shouldn't browsers update themselves these days?

They should. But in the same way, admins and guidelines in authorities and large corporations should now follow a more modern update strategy. "Never change a Running System" is unfortunately still a popular, lazy excuse.

In a way I can understand them - there are often things people are used to breaking or changes in the UI with software updates (not so much with browsers usually I guess). I can sympathise with older or less technical people who are afraid of an update forcing them to “relearn” how to do something they are used to.

Edit: not so much large corporations tbh.

I don't know exactly when this changed, but I always see people (devs and users alike) leave their Chrome open and waiting for an update, sometimes for weeks or months.

I guess if they just put their machines to sleep and never fully quit Chrome, it never has a chance to self update.

Am I crazy for thinking that Chrome should be designed in a way where individual tab rendering processes should be able to upgrade without having to close and restart the entire cluster of processes? The actual browser UI shell very seldom needs updates...

I don't know the internals of chrome (I'm sure someone else here does), but that sounds like they'd be containerizing a bunch of runtime inside tabs. Would probably blow up memory usage. But not sure what their current tab sandboxing already entails.

> Aside: Shouldn't browsers update themselves these days? Any reason to turn this off? Seems silly from a security perspective.

They should. But we have iPhone users who get an update to their browser every 6 months(?) and even then, it's still behind on features most of the times.

Aside: Shouldn't browsers update themselves these days? Any reason to turn this off? Seems silly from a security perspective.

That requires a mutable filesystem, which also seems silly from a security perspective. It would also require granting permission to mutate/replace executables to a program that's exposed to untrusted input (i.e. a browser).