Chrome 45 launches without NPAPI plugin support
Google Chrome users who rely on functionality that NPAPI plugins provide won't be able to make use of it anymore with the release of Chrome 45. NPAPI-only plugins such as Java or Silverlight are used throughout the web and while their use is declining, there are numerous applications and services that make use of either one or another plugin.
Google announced back in 2014 that it would retire NPAPI plugin support in all versions of Chrome from January 2015 on.
The staged roll-out of the end of NPAPI started in January 2015 with the disabling of all but the most popular and prominent plugins. Then, in April 2015, support was disabled but an override switch allowed users and administrators to re-enable support for the time being.
Starting with Chrome 45, released to the stable channel yesterday, bypass options have been removed complete which means that Chrome users who run any of the official versions of the browser cannot run NPAPI plugins anymore.
What's interesting about this is that this is true for all versions of Chrome including Enterprise.
The workaround, available as a flag on the browser's experiments page, is not working anymore as Google removed the flag with the update to Chrome 45.
This means that Chrome users cannot run NPAPI plugins, Java or Silverlight come to mind, anymore in the web browser as there is no bypass option anymore.
Note: Chrome continues to support so-called PPAPI plugins. If you open chrome://plugins you will notice that it supports Adobe Flash for example as it is loaded as a PPAPI plugin.
Since there is no alternative available for Chrome users, the only option left is to use a browser that continues to support NPAPI plugins.
While you could select the closes matching browser, Opera for instance, it is not clear how long they will support NPAPI plugins either considering that they share a codebase with Chrome.
This leaves Mozilla Firefox as the best choice when it comes to NPAPI plugin support.
Now You: Do you access contents regularly on the web that require NPAPI plugins?
On my dail-use browser (which is neither Chrome nor Chromium based) I am hardly using any plugins these days, most are disabled, Flash and Java are on “Ask to activate” and there are very few websites that require me to do this (some older videos). Main use for Flash on the sites I visit regularly seem to be ads. As much as I love those sites, Flash ads are a no-go.
Flash ads are blocked in Chrome since Sept.1
They are block on my rigs since…. many years without Chrome.
>Do you access contents regularly on the web that require NPAPI plugins?
Nah, maybe twice a year at most.
Even though I rarely access content on the web that require NPAPI plugins, I think that the browser maker should allow me to decide what plugins to use or not, what content to access and how to do it. This is just another step taken by a corporation against the user’s choice and freedom.
Yeah, nanny-state silliness is definitely a factor here, and I think the whole “insecurity” of the web plugin is laughable when people use an inherently insecure OS such as Windows to begin with. Just let people use it if they want to, jeez.
I use a Java-based VPN almost daily. But I use Firefox or Palemoon for that, while using Chrome for (almost) everything else.
> Do you access contents regularly on the web that require NPAPI plugins?
Not in Chrome however with property management our security monitoring devices *(cameras)* use a plug-in to configure and monitor zones.
Once the browsers remove the capability of plug-ins altogether it will cripple several hardware vendors even on items that are new releases. The only real way around this is to do H.264 *(or better) streaming and that can be a security risk as well as a rather large dip in vendors pocket books… which gets passed onto the consumer.
Silverlight never installed, Java removed since a long time, Flash uninstalled three weeks ago.
No application nor Website here requiring Java, a few sites still call for Flash : I’ll get back to them once they’ve updated to HTML5.
I think Google’s move is worthy, Mozilla should do the same, as well as Opera.
Flash is over whatever the struggles to keep it alive. Adobe should have the dignity to recognize it. But Adobe is Adobe…
I need to use it daily, since I work mainly with transactional and B2B sites. I need it to sign documents with qualified digital certificates. And, as far as I know, there is still no alternative to Java to use these. Well, I’ll have to use Firefox, at least while Google wants to decide what I can or cannot use. The actual solution was well balanced, making users activate manually the protocol.
I use daily, to play zynga games is big must :(
we use it for our entire company’s VPN. this is basically a nightmare, and although it’s directly google’s fault, the real fault is with Oracle, and their lack of support on the matter.
Bad news for me! I use mostly Streetside from Bing Maps, now how to do to get it working again??
This also includes the fix to allow the 64bit version to run on the latest Windows 10 Insider Previews
Some of my “bird-watching” sites require Silverlight (don’t know about Java), I’ll just have to play it by ear.
Chrome and Firefox are permanently open with about 10 tabs each, divided up according to which is best for which site. I don’t like having to change them around, I can almost navigate blindfold with a stable setup.
I hate that changes are being foisted upon me from all directions, I just want to get on with my “work”. The very word Google inspires resentment and depression nowadays.
I don’t understand these things – but do you think that some cash-strapped charities will have to have their websites redesigned, or buy new media streamers (like JW Player) so that their webcams can be displayed in Chrome?
I’ll get a coffee :-/
Well I think that some sites will upgrade as they will notice a dip in traffic otherwise since Chrome users cannot use their sites anymore.
Or the Chrome users will move to a different browser… If a site/service hasn’t upgraded yet, the chances of them doing so in a sufficiently timely matter for users to be content to wait it out are pretty slim.
The majority of the internet-using public won’t understand or care about the reasons, they simply want things to work; and when they don’t, they look for the culprit, and find the quickest possible work-around. In this case, the thought process will likely be “Chrome went and broke my app, but people say it works fine in Firefox – let’s use that instead. Boo Google, and their site-breaking ways!”.
@PurposelyCryptic, I wouldn’t be as categorical about low/medium technicality savant users moving to another browser for the sole reason that their default browser no longer handles plugins they care for : this move IMO is more that of experienced users when in my experience average users consider as a hassle the fact of installing a new major app — here a browser — and having to move accordingly their browser related data to that new browser.
I believe the problematic will concern more advanced users than other ones who may rather opt for what can be, what will be done on their browser without considering another one just for a plugin time-related issue
“There are two main ways attackers attempt to compromise your system. One is by attempting to trick you into downloading and running something malicious. The second is by attacking your web browser and related software like the Adobe Flash plug-in, Oracle Java plug-in, and Adobe PDF reader. These attacks use security holes in this software to force your computer to download and run malicious software.”
Source : http://www.howtogeek.com/227205/what-is-malvertising-and-how-do-you-protect-yourself/
It’s almost 2016. The faster plugins are gone, the better. It’s not just about security, it’s also for promoting actual Web technologies that are part of HTML5.
“Do you access contents regularly on the web that require NPAPI plugins?”
Yes, quite often and daily.
>Do you access contents regularly on the web that require NPAPI plugins?
Almost daily, AniDB.net’s UDP applet is Java-based, and I use it to organize new files added to my media-server. And while I only need it once a year, Germany’s tax e-file system uses an NPAPI plugin for authenticating your Security USB Dongle.
Admittedly niche applications, but important enough for me to have immediately downgraded Chrome back to 44 and disabled updates for the time being; in the long-term I’ll probably have to run Firefox either as a secondary browser, or move over entirely. I understand why they did it from a security perspective, but I think their one-year-plan to deprecate NPAPI was far too rushed. While it is true that this was enough time for the big players to disentangle themselves from it, the same can’t be said for smaller outfits – therefore pretty much everyone is going to have at least something they used with some regularity just stop working. And those with little tech-knowledge won’t even know why, and will just fruitlessly call a support line, get frustrated, and depending on the importance of the plug-in, move to a different browser. Overall, very poorly handled.
I do not use this technology too often but I do expect it to be available when I need it. Without Java, for example, I will not be able to deposit my checks online. Anyway, I had to downgrade Chrome back to v44 and disabled any further auto updates.
VLC plugin is based on NPAPI, so it has been disabled too. I have found some VXG plugin: http://www.videoexpertsgroup.com/chrome-media-player-plug-in/
Works good with my RTSP source. Thanks to developers. They have saved my project.
All Foscam IP Cameras, very popular for home security and baby monitoring, web interface required NPAPI support, They’ve know for over a year this day was coming, they told us early on they were working on the issue- but they have no released any update to fix this. Now since I’ve rebooted my PC and Chrome 45 installed the web interface is dead and they have no plans to bring it back. I understand Google’s goal to make the web safer but it really sucks for me. I would rather take the risk and keep it enabled, at least on a site by site basis.
How about downloading a copy of GoogleChromePortable 44 and never update it (Chrome Portable shouldn’t auto-update anyway), and use it only for the cameras (and for other stuffs that require NPAPI) ? At least you get to keep the same Chrome UI and the bookmarks etc.. instead of having to switch to IE or Firefox.
Thanks. That was very similar to what I ended up doing, got an old version of Chromium portable so I didn’t confuse the two icons in the taskbar. It’s better than not having web access at all, but still annoying.
WE have had to switch all our pcs away from chrome and currently using Maxthon as they have stated that they will suport npapi for the forseeable future.
Its been a bit of a night mare as we were caught off guard. Lots of late nights…….
We have found that many, many business sites are affected with googles choice to abandon them. Banking, finance, and many intranet software doesn’t run. Java, like it or not, is a major tech used in many business and server software, and google simply stopping to support it, will not stop people from using it.
A great deal of server software is java based and therefore chrome can’t be used with any servers that use Webmin, or virtualmin, or any CMS software that may use Java plugins, or any online FTP programs etc etc etc.
I assume the choice by Google is their comeback, or attack, on Oracle and seems little to do with any other motive.
All this has really done is removed chrome as a choice for many small, medium and larger businesses. Its also been removed as default browser on all our new setups.
Sad to say, but Explorer is better suited now!
For anyone still looking for a Chrome/Chromium based browser that still supports the NPAPI plugins (by default it’s on), I suggest you check out this one called Slmjet. Now it’s a version back (currently using Chromium v44) and the UI is a little like a Linux Distro. It also lets downgrade to their older versions, has a built in ad-blocker and lots of enhancements to privacy and security. Basically, this is a more flexible and versatile version on Chrome/Chromium.
As much as anything, taking NPAPI out saves Google money. With every new release of Chrome bugs would be filed against NPAPI that needed fixing. While choice is a good thing, too many choices is not :-)
Yes maybe. But why not just put up a warning of some sort with a helpful link explaining why this is security risk, just like they do with outdated plugins? I mean they kill there tech savvy users this way, and this isn’t even tech savvy. All you gotta do is some research.
Well I’m a power user/tech savvy and I guess not everyone cares about the features of a browser with it’s big influence on the web it has now days.
This is a way for chrome to take over the linux platform.
I have a HP color laser printer with a JetDirect print server that runs JAVA. *That cannot be changed or updated*. It is NOT in any way a “security risk” but since JAVA 7 Update 46 it has been impossible to access due to Oracle’s paranoia about “security risks”.
I’ve put the printer’s IP address in the exception lost and done the other things but JAVA still blocks it. The Allow and Remember option should *actually work* by allowing permanent 100% no-blocking or other interference access to a site or IP address.
Oracle is just being stupid by hobbling their own product instead of actually addressing any holes in JAVA and fixing them. They’re just putting on thicker doors and shutters and more locks which is only serving to reduce the market for JAVA.