User profile for user: Betazed
Betazed Author
User level: Level 1
4 points

Chromium-based browsers (Chrome, Edge, Brave) becoming corrupted on macOS 15.5

I work for an MSP. We're encountering a recurring issue across different clients running macOS 15.5 (Sequoia) systems where Google Chrome becomes corrupted or non-functional. After a successful installation, Chrome works normally for a time, but later becomes unlaunchable. Upon inspection, the .app bundle in /Applications is missing critical files, including the main binary under Contents/MacOS.


What's Been Observed:

  • Chrome is installed from the official .dmg and initially works as expected. At some point later (often after a reboot or idle period),
  • Chrome fails to launch. The app bundle remains in /Applications, but key files are missing. Running spctl --assess reports the app as invalid or corrupted. The com.apple.quarantine attribute is often absent from the bundle. Reinstalling Chrome restores functionality, but the issue may recur.


Additional Context:

  • One client reported the same thing happening to Microsoft Edge and I had seen community reports indicating Brave may also be affected. These are both Chromium-based browsers.
  • Vivaldi, also Chromium-based, appears unaffected.
  • No alerts or actions are logged by our endpoint protection or MDM tools (e.g., CrowdStrike, InTune).
  • We suspect macOS system security tools (e.g., MRT, Gatekeeper, or XProtect) may be silently removing or quarantining files from Chrome.


What's Been Tried:

  • Tested on clean macOS 15.5 systems (VM and personal MacBook Pro): Chrome installs and runs fine, no corruption observed.
  • Manually ran MRT using: sudo /Library/Apple/System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -a It exits silently with no indication of action.
  • MRT logs show normal startup and shutdown behavior—no deletions or signature failures. Workaround: Installing Chrome to ~/Applications (user space) allows users to reinstall it without admin rights. This avoids the issue so far, but it's not a long-term solution.


Questions:

  1. Has anyone else observed this behavior on macOS 15.5 with Chrome or other Chromium-based browsers?
  2. Could MRT, Gatekeeper, or XProtect be responsible for removing files from a valid Chrome installation?
  3. Are there logs or tools that can confirm if a system process is deleting these files?
  4. Any suggestions for monitoring or preventing this behavior?


Any insight or suggestions would be greatly appreciated. Happy to provide logs or test results if helpful.


[Re-Titled by Moderator]

Original Title: Google Chrome App Bundle Becomes Corrupted on macOS 15.5. Missing Files in /Applications/Google Chrome.app.

Posted on Jul 16, 2025 1:51 PM

Reply
6 replies
User profile for user: Betazed
Betazed Author
User level: Level 1
4 points

Jul 17, 2025 8:04 AM in response to etresoft

etresoft: All of those apps are the kind that use automatic updating logic. That's very tricky to do properly and often corrupts the executable. However, usually the worst that happens is that the code signature becomes invalid. The app itself normally works fine. I think the most likely explanation is some of your endpoint protection/MDM tools are interfering with that updating process. That would explain why files are missing.

You raise a good point. The clients in question are a mix of those who use MDM and those who do not, along with those who use our security software and those who do not. The mix depends on what services they pay for, and how many Apple devices they have. For instance we may not set up full on management if they have less than 5 Apple devices.


My colleagues on our cyber security team have stated there are no logged events for either CrowdStrike or ThreatLocker when the issue has arisen on machines where either is installed. I'll check to see if there are any additional endpoint tools that may be interfering.


Judging by your username, you (or your company) makes the Etrecheck software suggested by BDAqua. I'll definitely run it on the next machine to report an issue and see what comes back.


I starting to see mounting evidence that the issue may be associated with automatic updates, but it doesn't always seem to align with a known Chrome update release. I'll try to track that more closely. Thanks for your insight.

Reply
User profile for user: Betazed
Betazed Author
User level: Level 1
4 points

Jul 17, 2025 1:31 PM in response to Betazed

The pattern broke today. A user reported the issue with a Mac running 15.4.1 and not 15.5. I ran EtreCheck before doing anything and it did find that Google Chrome.app was not a signed app which didn't surprise me since the _CodeSignature directory in the app bundle is empty after this issue presents.


The update process seemed to be strongly implicated so I got the GoogleUpdater log file off this user's computer, but the log has a gap that covers the time that the Google Chrome.app bundle was modified. It was modified at 10:08am yesterday, and the log has a gap from 9:36am until 10:43am. The log is extremely verbose so if GoogleUpdater were doing something to the files at that time, I'd expect it to be indicated there.


They have some config profiles set in InTune for things timeout before a password is required on the lock screen, and a couple other items but no provisioned apps so I don't think InTune is messing with the Google Chrome app.

Reply
User profile for user: etresoft
etresoft
User level: Level 9
56,278 points

Jul 16, 2025 3:09 PM in response to Betazed

Betazed wrote:

Has anyone else observed this behavior on macOS 15.5 with Chrome or other Chromium-based browsers?

Nope. Never touch those things.


Could MRT, Gatekeeper, or XProtect be responsible for removing files from a valid Chrome installation?

Nope.


Are there logs or tools that can confirm if a system process is deleting these files?

The system is not deleting those files.


Any suggestions for monitoring or preventing this behavior?

Any insight or suggestions would be greatly appreciated. Happy to provide logs or test results if helpful.

All of those apps are the kind that use automatic updating logic. That's very tricky to do properly and often corrupts the executable. However, usually the worst that happens is that the code signature becomes invalid. The app itself normally works fine. I think the most likely explanation is some of your endpoint protection/MDM tools are interfering with that updating process. That would explain why files are missing.

Reply
User profile for user: Betazed
Betazed Author
User level: Level 1
4 points

Jul 17, 2025 8:25 AM in response to dialabrain

Thanks for that. What is interesting here is that the issue we've been encountering is exclusive to macOS 15.5 specifically. Other minor versions of Sequoia seem to be unaffected. It's that specificity which led me to initially believe it was something in macOS itself causing the problem. Evidence does seem to be mounting, however, that the issue is with Chrome's automatic update though I haven't been able to strongly correlate an attempt by Chrome to update and the issue where the app bundle has the various files removed.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Chromium-based browsers (Chrome, Edge, Brave) becoming corrupted on macOS 15.5

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up