Google Chrome and disabling plugins

[mikeymikec]

There was a bit of news on Slashdot recently about Google (allegedly) quietly making their DRM implementation (Widevine) plugin mandatory in Google Chrome installations with a recent version.

I had a poke around GC's options (chrome: plugins specifically), tried to disable the plugin myself (which it would let you), but then when I restarted Chrome the plugin was re-enabled. I tried the same with the Adobe Flash plugin, same thing. I then tried it with the internal PDF viewer, which worked (but then I had to re-enable it through the general options UI (content settings > PDF reader setting).

I was wondering whether others have encountered this behaviour with older versions of Chrome or perhaps this is a regression? It would seem surprising that they wouldn't allow Flash to be disabled, simply because it's an easy countermeasure for any user in the event of a Flash zero-day exploit.

In other news, how can one stop auto emoticons when posting here? I've had to insert a space between chrome: plugins for it not to be interpreted as .

 

[quikah]

Chrome 57 is supposed to remove the plugins page altogether. I don't know if previous versions have done anything else to prevent plugins from being disabled.

 

[TheRyuu]

I was wondering whether others have encountered this behaviour with older versions of Chrome or perhaps this is a regression? It would seem surprising that they wouldn't allow Flash to be disabled, simply because it's an easy countermeasure for any user in the event of a Flash zero-day exploit.

Flash control is being moved to chrome://flags you should still be able to disable it there. They're also moving to a whitelist with sites what Flash is allowed to run on without user interaction. I believe for all other sites it's moving to a "click to play" model. Furthermore they've also added a feature to prefer using HTML5 where available if there's a choice between that and Flash. Some of these things can be controlled in chrome://flags.

Chrome doesn't really support third party plugins anymore so removing about://plugins isn't really surprising considering they only have ~3 plugins now. One of which is being depreciated (Flash) and another which shouldn't really be disabled (pdf). The only contentious issue here is Widevine I suppose since it's something of "black box" for DRM.