40
4
Why is the Java plugin (JRE) is disabled in Chrome? It is some security concern?
From official Java website:
Chrome no longer supports NPAPI (technology required for Java applets) The Java plug-in for web browsers relies on the cross platform plugin architecture NPAPI, which has been supported by all major web browsers for over a decade. Google's Chrome version 45 (scheduled for release in September 2015) drops support for NPAPI, impacting plugins for Silverlight, Java, Facebook Video and other similar NPAPI based plugins.
But anyone knows why? How it could be dangerous for Chrome user with latest version of Java JRE installed?
8You have answered your question: because Java plugin uses NPAPI and Chrome no longer supports it. – gronostaj – 2016-06-13T14:12:12.917
7Though the official reason sounds good, my personal suspicion is that the fallout between Google and Oracle over Android had much more to do with it than anyone wants to admit. – Devsman – 2016-06-13T14:24:55.873
2Why Java disabled? in first place "why Flash and Java are enabled?" Unless I trust really much a site I even disable Javascript (well in reality I have a desktop short cut for the browser without Javascript) – CoffeDeveloper – 2016-06-13T17:12:21.170
They don't want to. – Thorbjørn Ravn Andersen – 2016-06-14T08:16:27.380
1When posting quotes, please include a link to the source in the future. – None – 2016-06-13T08:55:48.373
Because it's a really good idea given past security holes. Flash RIP in any form as well. – Fiasco Labs – 2016-06-13T15:16:26.923
@Devsman Really doubt it, as the push against plugins was started by Apple against Adobe. – David Mulder – 2016-06-14T13:57:46.967
1@Devsman If it was just Java, your argument might be plausible, but Google is going after all plugins (and so is Mozilla). Silverlight, Acrobat Reader, shockwave, unity, quicktime, real player, etc. have all been hit by the same ban hammer. They were all widely installed and at least occasionally used by large numbers of people over the years. All provided things that couldn't be done in the browser directly 5-20 years ago; but which are either doable by browser intrinsics or HTML5 directly these days... – Dan is Fiddling by Firelight – 2016-06-14T14:25:55.563
Flash is the only exception at present due to its ubiquity; but even it is being squeezed hard with Google having recently announced the use of more intrusive click to play settings to increase the pressure on site maintainers to replace their flash. To mitigate the risks involved from it Google is using a custom build of flash which lets them control patching it (Adobe's updater only checks when your computer is booted) and using a custom API that they can lock down much more tightly than NPAPI. Eventually they'll pull the plug on it as well, although no potential date has been made public. – Dan is Fiddling by Firelight – 2016-06-14T14:26:41.197
Personally, I think it's mostly about security, but also unified experience across different platforms. Android, iOS, PlayStation 4, smart TVs, etc. don't support plugins at all. Websites should rely on standardized APIs (HTML5) that work everywhere. – gronostaj – 2016-06-14T18:02:58.137
By the way, if you want to do something similar to applets, use JNLP to launch an app from a HTML link. – Zan Lynx – 2016-06-14T19:28:05.763