Problems with Getting Google Chrome to update

It says the keys are invailid and may have been signed by an attacker. Has anyone got this for the latest update? Here is the error output:

Retrieving repository ‘google-chrome’ metadata -------------------------------------------]
Signature verification failed for file ‘repomd.xml’ from repository ‘google-chrome’.
Warning: This might be caused by a malicious change in the file!
**Continuing might be risky. Continue anyway? [yes/no] (no): **no
Retrieving repository ‘google-chrome’ metadata …[error]
Repository ‘google-chrome’ is invalid.
[google-chrome|] Valid metadata not found
at specified URL
Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Skipping repository ‘google-chrome’ because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data…
Reading installed packages…
‘google-chrome-stable = 0:50.0.2661.86-1’ is already installed.
No update candidate for ‘google-chrome-stable-50.0.2661.86-1.x86_64’. The highest available v
ersion is already installed.
Resolving package dependencies…

This is for an update that is available after 50.0.2662.86
My software updater originally gave me a warning that an update is available but was unable to authenticate the signature

You can get the certificates from Google I think if you don’t want to see the warning. IMHO Google does not handle this issue well

Getting the same thing here. It’s been running smoothly with the certificate installed for months. Yesterday I started getting the error.

I have a faint memory of the key changing once in the past, but can’t find any notes to confirm that.

So I’ve temporarily disabled the repository. I’ll wait a couple of days and see if it gets sorted out. If not, I suppose pinging Google is always an option.

Same error here. Seems to be a problem of Google.

Downloading the Linux RPM package from I got a valid signature:

> rpmkeys -K google-chrome-stable_current_x86_64.rpm
google-chrome-stable_current_x86_64.rpm: (sha1) dsa sha1 md5 gpg OK

When I try to update chrome by that package, I get:

> rpm -U google-chrome-stable_current_x86_64.rpm
package google-chrome-stable-50.0.2661.86-1.x86_64 is already installed

So no need for special actions; I’ll simply wait until Google has resolved that problem.

It would not be a good idea to accept repomd.xml without valid signature.

I got the same error here. I don’t have a solution, but based on the other replies I see here, I’ll just wait.

I just ran zypper update, did ‘Continue anyway’ and got “google-chrome-stable-50.0.2661.94-1.x86_64” as a version, which is an update.

I hope this version fixes the issue of when I try to open links from Thunderbird - it crashes Chrome, then opens the link, and I get a popup to ‘Restore lost pages’ or some such. Is anyone else getting that?

I’ve reported the problem on Google’s Chrome forum, for whatever good that may do.

Thread is here

A few extra voices can’t hurt.

I definitely remember this happening before, and it was just a waiting game. I hope it’s the same situation this time.

Update: Someone has linked this to a Chromium bug related to the deprecation of SHA1. If that’s a valid association, that means the problem has been ongoing for a month and a half. Don’t expect a speedy resolution.

In the mean time, I guess we’re stuck with downloading and updating our Chrome installs manually.

Thank You all for responding.

I guess I’m not being paranoid after all. What’s the use of having certificate validation if they are not coming up as valid. In this day and age of security threats, I am waiting also. I realize there is an update waiting, but to me it makes no sense to install the update if it has even a possibility of having a man in the middle. I rather run my browser in an older version than install one that has been (potentially) hacked. It not only breaths danger into my rig but I could also potentially spread what ever could potentially be bad. To me that is not linuxing responsibly.

I’m going to just keep this thread open until I get a response from google. They preach security , security, security, and they screw the pooch on their certificates. I guess they think everyone runs windows and don’t know enough to check validity of fingerprints on certs…


I downloaded the link from google’s https page, and still get invailid ceritifcate… Don’t know what is up with Google these days…

We may have an answer.

Following a suggestion on the Chrome support thread, I deleted Google’s gpg key

sudo rpm -e gpg-pubkey-7fac5991-*

Then I reimported it following the instructions on the Linux Repositories page.

That got me a successful refresh. So apparently the key has been updated, presumably to remove SHA1, but rpm wasn’t able to pick up the update.