Chrome 42 Outlaws Java Plugin
Written by Alex Armstrong   
Wednesday, 15 April 2015

Chrome 42 has just entered the stable channel and brings a change that many will find inconvenient and even damaging. By default Chrome now blocks NPAPI plug-ins.

chromiumicon

 

As we reported at the time Google announced its intention to phase out support for the 1990's Netscape Plug-In API in September 2013 and gave us the timetable for doing so in November 2014, see Google Gets Closer To Killing Old Style Browser Plugins. So the fact that NPAPI plug-ins no longer function in Chrome is entirely according to schedule.

As of today Google is also unpublishing extensions requiring NPAPI plugins from the Chrome Web Store. All NPAPI plugins will appear as if they are not installed, as they will not appear in the navigator.plugins list nor will they be instantiated (even as a placeholder).

Removing NPAPI from the web seems like a sensible move as plug-ins are acknowledged to be a big security issue as well as the cause of hangs and crashes.

However, the plug-ins affected include Silverlight and Java, both used widely in business and government. So while Google can point to a decline in plug-in usage, what is left may be difficult to eradicate -  the UK's National Health Service websites rely on Java, for example. 

For the next six months it will be possible to override the blocking of plug-ins in Chrome, either by using enterprise policies or by:

 chrome://flags/#enable-npapi

After September 15, however, Chrome 45 will remove the temporary override and NPAPI support will be permanently removed from Chrome. Installed extensions that require NPAPI plugins will no longer be able to load those plugins.

So what should you do if you rely on NPAPI plug-ins?

The NPAPI deprecation: developer guide states:

In general, the core standards-based web technologies (HTML/CSS/JS) are suitable for most client software development. If your application requires access to features outside the web sandbox, myriad Chrome Extension and App APIs offer access to OS features.

The alternative is to use a different browser.

At the moment IE, Firefox, Safari and Opera support NPAPI and this includes the Java plug in but usually with some additional security. Firefox blocks plug-ins by default, apart from those that have been whitelisted, but gives users the option of enabling them. Whether Mozilla will now switch to a more Draconian policy remains to be seen but it does refer to NPAPI as a legacy technology and suggest that you don't make use of them. 

The day of Java in the browser seems to be numbered.

 

chromiumicon

 

More Information

The Final Countdown for NPAPI

NPAPI deprecation: developer guide

 

Related Articles

Chrome Drops Support For Plugins

Google Gets Closer To Killing Old Style Browser Plugins

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, FacebookGoogle+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


Edera Releases Open Source Container Benchmark And Scanner
07/11/2024

Edera has released Am I Isolated, an open source container security benchmark that probes users runtime environments and tests for container isolation.



Ursina - A Game Engine Powered by Python
08/11/2024

Ursina is a new open source game engine in which you can code any type of game in Python, be it 2-D, 3-D, an application, a visualization, you name it.


More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Wednesday, 15 April 2015 )