Soon-to-be-banned Chrome browser plug-ins get reprieve

Instead of cutting off all old-style browser plug-ins at the end of 2014, Google has given a temporary break to people who rely on plug-ins that extend the abilities of its Chrome browser.

The company is gradually banning plug-ins that hook into the browser using a mechanism called NPAPI (Netscape Plugin Application Programming Interface) that's more than a decade old. But it's been tough getting Chrome users to completely stop using those plug-ins.

In September 2013, Google announced its plan to cut off support for NPAPI plug-ins. But it took a phased approach that still permitted the most popular ones: Microsoft's Silverlight, Unity Technologies' Web Player, Oracle's Java, Facebook's video-calling tool and Google's own Google Talk and Google Earth plug-ins.

Google decided not to leave plug-in-reliant customers in the lurch quite as soon as it had planned. Justin Schuh, a Google programmer on Chrome's security team , explained why in a blog post Monday:

Although plugin vendors are working hard to move to alternate technologies, a small number of users still rely on plugins that haven't completed the transition yet. We will provide an override for advanced users and enterprises (via Enterprise Policy) to temporarily re-enable NPAPI while they wait for mission-critical plugins to make the transition.

Good riddance

After years of slow going, the Web programming world is now working productively to expand the Web's possibilities not with plug-ins, but rather with new Web standards like HTML5's video and audio support. Plug-ins date back to the era when Microsoft's Internet Explorer ruled the roost but Web standards stagnated. Now the browser market is highly competitive, and plug-ins are on their way out.

And good riddance: plug-ins don't work on smartphones and tablets, they're hard to maintain, they're a bother for users to install, and are a top culprit in browser crashes, slowdowns and security vulnerabilities.

Plug-ins aren't totally disappearing from Chrome, however. Google will continue to indefinitely support plugins that use its own PPAPI (Pepper Plugin API), which includes the most widely used browser plug-in, Adobe Systems' Flash Player.

Google has been working to add new interfaces to its preferred system for extending Chrome abilities, called extensions, and has shifted its own Hangouts app to Web standards.

Some of the affected plug-ins are still fairly common. Among Chrome users, Silverlight was launched 15 percent of the time in September 2013, falling to 11 percent of the time in October 2014. Java dropped from 8.9 percent to 3.7 percent over the same period. Google Earth plunged from 9.1 percent to 0.1 percent.

Three-step removal over 2015

Initially, Google said it estimated it would completely remove Chrome's NPAPI support by the end of 2014, subject to usage patterns and feedback. Now it's pushed that back, but the ban will still continue over a three-step process in 2015.

The first step, in January 2015, will be to begin blocking even whitelist-permitted NPAPI plug-ins by default -- a setting that can be overridden.

The second step, in April 2015, will be to disable Chrome's ability to run plug-ins at all unless a user specifically enables it by setting a flag -- chrome://flags/#enable-npapi -- in Chrome's technical preferences. Google also will remove all NPAPI plug-ins from its Chrome Web Store at this stage.

The last step, in September 2015, will be to completely remove all ability to run NPAPI plug-ins from Chrome.

Google also recommends plug-in programmers look to its NPAPI deprecation guide for advice.

"With each step in this transition, we get closer to a safer, more mobile-friendly Web," Schuh said.