Java’s days numbered as Chrome 42 blocks plug-ins by default
Wed 15 Apr 2015

Google has today released a stable version of Chrome 42 along with a new default block which filters out NPAPI plug-ins, including Silverlight and Java.
Google has been attempting to phase out support for old Netscape Plug-In API since 2013 so the blocks do not come as a surprise to many. The search giant will also take down all extensions which require NPAPI plug-ins from its Chrome Web Store. From today, all NPAPI plug-ins will display as if they have not been installed and will no longer feature on navigator panels.
The move is inspired by security concerns which have revealed NPAPI plug-ins as big threats, as well as the cause of hangs and crashes. However, the two main plug-ins affected by the block, Silverlight and Java, are used extensively in business, by government agencies such as the UK’s NHS, and by popular video-streaming services such as those provided by Netflix and Amazon Prime.
Google has released an override tool which will be effective for the next six months to reverse the block: chrome://flags/#enable-npapi
However, following September 15th this year, Chrome 45 will no longer offer the option to override the NPAPI filter and the plug-ins will be permanently removed from Chrome. All previously installed extensions which require NPAPI plug-ins will also be blocked.
Chrome’s developer guide advises the following to those who currently rely on the blocked plug-ins: “In general, the core standards-based web technologies (HTML/CSS/JS) are suitable for most client software development. If your application requires access to features outside the web sandbox, myriad Chrome Extension and App APIs offer access to OS features.” That is, of course, if an alternate browser is not an option.
For the time being Firefox, Internet Explorer, Safari and Opera support NPAPI including Java plug-in but these tend to offer additional security features. For example, Firefox does not allow plug-ins by default, except for those which have passed a number of security controls, and gives its users the option of enabling them.