Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google pulls trigger, cripples some Chrome add-ons

Gregg Keizer | June 2, 2014
Google is moving ahead with plans to aggressively lock down its Chrome browser by disabling most add-ons not installed from its curated app store and banning plug-ins built to a decades-old standard.

"Kaspersky is essential, dip*****. Your lame *** nanny disabling of our extensions has left my computer vulnerable to all forms of malicious content now!" howled someone identified as Teo Purcell on the support forum yesterday. "Fix this **** or I'm done with this mess of a browser."

Another Chrome user was less profane, but just as angry after the browser disabled one of his favorite add-ons. "This is the single biggest intrusion into not only my browsing convenience, but my computer usage I've ever seen in my entire life," said "GODzillaGSPB" on Tuesday. "This is not okay. I will seek ways around it and if I don't find one I will uninstall this browser for good."

Also on Tuesday, Google's Chrome Web Store no longer showed NPAPI-based apps and extensions on the home page, search results, and category pages, essentially making them impossible to find.

NPAPI, for Netscape Plug-in Application Programming Interface, harks back to — not surprisingly — Netscape, the 1990s browser that Microsoft buried in its antitrust-triggering battle over the still embryonic browser market. The NPAPI architecture has long been criticized for slack security, with years of plug-in hacking — particularly of Adobe Flash Player, Adobe Reader and Oracle's Java — proving the critics right.

NPAPI has long been the most popular plug-in standard, and is still supported by Firefox, Opera and Safari. Microsoft's Internet Explorer has always relied on its own proprietary ActiveX architecture for extensions.

Meanwhile, Google has pursued its own plug-in architecture, dubbed PPAPI (Pepper Plugin API), pronounced "pepper," that runs code inside a "sandbox," an anti-exploit technology that prevents, or at least hinders, hackers from pushing their malware onto the machine.

Opera is the only other browser that currently supports PPAPI, not surprisingly since it's now built atop the same browser engine inside Chrome.

Last year, Google announced it would pull NPAPI support from Chrome by the end of 2014. Since then, it's automatically blocked most NPAPI-based plug-ins — among the exceptions have been Microsoft's Silverlight and Oracle's Java — and barred new plug-ins from its Chrome Web Store.

Tuesday, it took the step promised last September when it said it would hide NPAPI plug-ins within the Chrome Web Store. This fall, it will yank all NPAPI plug-ins from the market.

With Chrome 37, which should reach the "Stable" channel in late August or early September, Google will take yet another step by showing a more draconian warning to users who try to run a NPAPI plug-in.

"Support for NPAPI will be completely removed from Chrome in a future release, probably by the end of 2014," stated a developers guide on the death of NPAPI in Chrome.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.