2

Well in case someone doesn't know yet... there is a new Java zero day.

I'm trying to disable it on Chrome but I can't find any option. Google searches says that the option for deactivate it is on chrome://plugins however I don't see such option there.

The Illusive Man
  • 10,487
  • 16
  • 56
  • 88
  • It may have an unexpected name in your `chrome://plugins` tab. On my system (Kubuntu 12.10) the relevant plugin is called IcedTea, with a small note in the description that it's responsible for java applets. – us2012 Jan 12 '13 at 04:48
  • 1
    Incidentally it's not a new 0-day, technically it's not even a 0-day as Oracle knew about it in August.... So lets be correct, it's a regularly exploited unpatched vulnerability. – ewanm89 Jan 12 '13 at 10:07
  • I know you said 23, but 26 lets me disable any plugin. Maybe you could move to 26? – jrwren Jan 26 '13 at 18:17

1 Answers1

2

If you can't disable java from chrome://plugins, you can use the -disable-java startup switch. Example:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -disable-java

Navigating to http://java.com/en/download/help/testvm.xml after a restart of the browser should give the message:

No working Java was detected on your system. Install Java by clicking the button below.

You can read about other switches in The Power User’s Guide to Google Chrome.

To improve security for the future, not just react to public exploits, you might also want to go to chrome://chrome/settings/content and check Click to play on the Plug-ins:

enter image description here

This will wait for your click in order to run the plug-in therefore limiting your exposure.

And this should protect you from more than just Java vulnerabilities:

  • Secunia PSI/VIM for notification of updates, vulnerabilities and automatic updates
  • Microsoft EMET for preventing stack overflows and similar
  • BufferZone for protection from drive-by installers
  • iCore Virtual Accounts for times when you need to walk the dark side of the net on a production machine
Cristian Dobre
  • 9,797
  • 1
  • 30
  • 50