iTnews
  • Home
  • News
  • Technology
  • Security

Google to axe 'risky' NPAPI support in Chrome

By Staff Writers on Sep 25, 2013 12:49PM
Google to axe 'risky' NPAPI support in Chrome

Targets security risks, hang time.

Google will join Mozilla in removing support for Netscape Plug-In API (NPAPI)-based browser plug-ins, which it blames for "hangs, crashes, security incidents and code complexity".

The web giant's security engineer and plug-in retirement planner, Justin Schuh, said in a blog post that it would begin blocking NPAPI-based plug-ins in Chrome from January next year.

NPAPI is a cross-browser application programming interface for plug-ins.

Google said the top five NPAPI-based plug-ins by usage will be whitelisted with support for them gradually phased out over time. These include Microsoft Silverlight, Unity, Google Earth, Google Talk and Facebook Video.

Other NPAPI-based plug-ins are used by less than five percent of the Chrome user base, Google estimates.

"Eventually, NPAPI support will be completely removed from Chrome," Schuh said.

"We expect this to happen before the end of 2014, but the exact timing will depend on usage and user feedback."

Google already blocks Java plug-ins, which use NPAPI, by default for security reasons.

The firm has been moving away from NPAPI for some time. Last year, it ported Adobe Flash "from the ageing NPAPI architecture to our sandboxed PPAPI [Pepper Plug-In API] platform".

The complex port provided security benefits for Windows users of the Chrome browser, and cut 'Flash crashes" by about 20 percent.

Google already warns developers of Chrome extensions to only use NPAPI as a last resort, particularly due to the security risks it introduces.

"NPAPI is a really big hammer that should only be used when no other approach will work," it said.

From today, developers won't have a choice in the matter.

"No new Apps or Extensions containing NPAPI-based plug-ins will be allowed in the [Chrome] Web Store," Schuh said.

"Developers will be able to update their existing NPAPI-based Apps and Extensions until May 2014, when they will be removed from the Web Store home page, search results, and category pages.

"In September 2014, all existing NPAPI-based Apps and Extensions will be unpublished. Existing installations will continue to work until Chrome fully removes support for NPAPI."

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
apibrowserchromegooglenetscapenpapisecuritysupport

Partner Content

Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
"We're seeing some good policy put in place, but that's the exception"
Partner Content "We're seeing some good policy put in place, but that's the exception"
Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
By Staff Writers
Sep 25 2013
12:49PM
0 Comments

Related Articles

  • Google delays Chrome's blocking of tracking cookies to late 2023
  • Google draws US antitrust scrutiny over third-party cookies ban
  • ACCC starts review of Google's Mandiant buyout
  • Threat actors worked with ISPs to plant malware from Italian spyware vendor
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation
Service NSW hits digital services goal two years early

Service NSW hits digital services goal two years early
NBN Co taking orders for 'non-premises' connections

NBN Co taking orders for 'non-premises' connections
NSW Police scores $100m to connect body-cams to firearms, tasers

NSW Police scores $100m to connect body-cams to firearms, tasers

Digital Nation

Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
The security threat of quantum computing
The security threat of quantum computing
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.