Google has released Chrome 42 to the stable channel, and among the changes announced is one that will automatically block Oracle’s Java plugin and other plugins that use the old NPAPI (Netscape Plugin API).
NPAPI support is disabled by default, as Google announced it will be back in 2013, when they said that “NPAPI’s 90s-era architecture has become a leading cause of hangs, crashes, security incidents, and code complexity.”
“All NPAPI plugins will appear as if they are not installed, as they will not appear in the navigator.plugins list nor will they be instantiated (even as a placeholder),” Google explained to developers.
“Although plugin vendors are working hard to move to alternate technologies, a small number of users still rely on plugins that haven’t completed the transition yet. We will provide an override for advanced users (via chrome://flags/#enable-npapi) and enterprises (via Enterprise Policy) to temporarily re-enable NPAPI (via the page action UI) while they wait for mission-critical plugins to make the transition. In addition, setting any of the plugin Enterprise policies (e.g. EnabledPlugins, PluginsAllowedForUrls) will temporarily re-enable NPAPI.”
The option to enable NPAPI is offered for users in Chrome’s settings, but will be available only until September 2015 (Chrome 45), when NPAPI support will be completely removed from the browser.
The Flash plug-in and PDF viewer built into Chrome will not be affected by this change, as they don’t use NPAPI.
Google has also booted extensions requiring NPAPI plugins from the Chrome Web Store.
Chrome 42 also includes fixes for 45 security issues, a number of new apps, extension and Web Platform APIs, and stability and performance-enhancing changes.