Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Chrome Security The Internet IT

Google Removes Plugin Controls From Chrome, Reports Claim (ghacks.net) 106

An anonymous reader shares a Ghacks report: Google made a change in Chrome 57 that removes options from the browser to manage plugins such as Google Widevine, Adobe Flash, or the Chrome PDF Viewer. If you load chrome://plugins in Chrome 56 or earlier, a list of installed plugins is displayed to you. You can use it, among other things, to disable plugins that you don't require. While you can do the same for some plugins, Flash and PDF Viewer, using Chrome's Settings, the same is not possible for the DRM plugin Widevine, and any other plugin Google may add to Chrome in the future. Starting with Chrome 57, that option is no longer available. This means essentially that Chrome users won't be able to disable -- some -- plugins anymore, or even list the plugins that are installed in the web browser. Please note that this affects Google Chrome and Chromium.Further report on BetaNews.
This discussion has been archived. No new comments can be posted.

Google Removes Plugin Controls From Chrome, Reports Claim

Comments Filter:
  • by VMaN ( 164134 ) on Monday January 30, 2017 @04:28PM (#53768999) Homepage

    ...Well, then it's hardly a plugin anymore, is it?

    • by Anonymous Coward

      Google doesn't attempt to use a new directory if the directory it expects for the plugin exists but lacks appropriate permissions. Remove permissions for yourself and the plugin stops working.

      This works for the flash installed in syswow64 and system32 as well. Just be careful editing permissions in those subtrees :)

  • by Anonymous Coward

    Is their goal to make IE look good?

  • Dear Firefox (Score:5, Insightful)

    by Anonymous Coward on Monday January 30, 2017 @04:34PM (#53769047)

    Dear Firefox,

    Please do NOT copy this feature.

    Signed,
    All four of us who still use Firefox.

    • by Anonymous Coward
      Don't worry, Mozilla is too busy kicking extension developers in the teeth.
    • by thegarbz ( 1787294 ) on Monday January 30, 2017 @05:37PM (#53769527)

      Dear 4 remaining users,

      We value your feedback.
      In the mean time we hope you enjoy the upcoming changes to our plugin system. We're replicating the features of a market leader with this one.

      Signed,
      Mozilla Dev Team

      • by Anonymous Coward

        >We're replicating the features of a market leader with this one.

        Buddy, I can see that your marketing-speak is a little rusty.

        I think you meant to say: "We're bringing you the features you've come to expect from a market-leading browser."

      • We're replicating the features of a market leader with this one.

        Yes, the battle to give away free software. So exciting.

      • by Anonymous Coward

        Dear Mozilla Dev Team,

        You now have 3 remaining users.

        Signed,
        Your mom.

  • by Dust038 ( 4606581 ) on Monday January 30, 2017 @04:34PM (#53769049)
    I get on one hand it saves some headaches to the average end user who doesn't care what plugins are installed. But on the other hand...The only reason to hide plugins is because you're doing something you don't want us to see. A plugin whose code you don't want us to delve into and figure out what it actually is doing. Specifically Sending Private Data about History and censoring. We'll see how far this gets. Thanks Google.
    • by Anonymous Coward

      So use open source! For fuck sake they even give the source in the Chromium project! It's time to stop whining about completely replaceable proprietary software and actually start using open source rather than just pontificating about it.

      Admittedly there are a great many cases where there is no decent open source alternative but web browsers *is not* one of them!

    • by AmiMoJo ( 196126 ) on Monday January 30, 2017 @04:58PM (#53769253) Homepage Journal

      From what I read they are looking to do away with plug-ins entirely, which may or may not be a good thing. Well, rather than removing them, they will be for internal use only, just like any other random DLL that a developer would choose to use in their code.

      On the one hand it would probably be better if browsers didn't have plug-ins because they have security issues. Flash is famous for them, as is Adobe Reader. Let everything be implemented as an extension, pure Javascript and CSS that runs inside the browser's sandboxed interpreter, and is cross compatible with other browsers. Get rid of binary interfaces, OS and architecture dependence.

      On the other hand, it means you can't disable features like the Widevine DRM bullshit even if you want to. At best all you can do is use an extension to block content in that format. And worst of all, there is no UI for finding and disabling stealth plug-ins that get installed by other apps.

      • by denis-The-menace ( 471988 ) on Monday January 30, 2017 @05:05PM (#53769297)

        RE: And worst of all, there is no UI for finding and disabling stealth plug-ins that get installed by other apps.

        Great!
        Hidden Chrome plugins: the New Browser Helper Objects

      • by mysidia ( 191772 )

        This makes sense for Google, but not for me. It's high time someone forked Chromium. While they're at it.... Add back in the ability to Easily see SSL certificate information!

        • This makes sense for Google, but not for me. It's high time someone forked Chromium. While they're at it.... Add back in the ability to Easily see SSL certificate information!

          Go ahead and do it or pay somebody to do it, that's the point of Open Source. We saw the same thing with systemd, a lot of whining but no action so these changes get "forced" through. If you're just going to whine about it and do nothing then Open Source is pointless.

          You can fork and maintain (merge from the mainline and keep your plugin changes) Chromium or pay somebody to do it and then Google can just keep doing what they want to do, if enough people don't like Google's approach and use yours then so muc

          • by MrL0G1C ( 867445 )

            Yes it requires more than zero effort

            Understatement of the year there, forking a browser would require more effort than one person could likely handle.

            • Yes it requires more than zero effort

              Understatement of the year there, forking a browser would require more effort than one person could likely handle.

              Nobody is suggesting forking it and abandoning upstream, a fork that merges everything but also maintains the chrome://plugins functionality is hardly a huge task.

      • And worst of all, there is no UI for finding and disabling stealth plug-ins that get installed by other apps.

        Or, considering that Chrome's chief of security recently said that [arstechnica.com] antivirus software is "my single biggest impediment to shipping a secure browser," maybe Chrome is going to get rid of the ability for other apps to install stealth plug-ins at all.

        Considering they have at least tried to make the presence of such plug-ins more transparent in the past, I'm optimistic that's indeed their plan.

      • If you eliminate plugins, you eliminate the possibility of third-party stealth plugins. Do I have to call the person I'm replying to a name to get modded up? OK. "You fuckwit."
    • Whelp...hours later. Bingo. MFing DRM.....son of a... https://yro.slashdot.org/story... [slashdot.org]
  • The new IE 6 (Score:4, Insightful)

    by Billly Gates ( 198444 ) on Monday January 30, 2017 @04:36PM (#53769063) Journal

    Webkit is getting too popular. Many websites are using -webkit or blink specific CSS 3 tags and ignoring HTML 5 standards. THis is not healthy.

    We need another new browser and not just one on an outdated insecure version of webkit/blink, but a new rendering engine with proper plugin and multiplatform support

    • by rwven ( 663186 )

      https://vivaldi.com/ [vivaldi.com] is a decent looking alternative.

      • by arth1 ( 260657 )

        https://vivaldi.com/ is a decent looking alternative.

        Vivaldi uses the Blink engine, so no, it does not qualify.

        • by rwven ( 663186 )

          Well, considering the complaining was about Webkit...and Blink is not Webkit...

          • by arth1 ( 260657 )

            Well, considering the complaining was about Webkit...and Blink is not Webkit...

            Blink is the fork of Webkit also used in Chrome and Chromium, so yes, it is directly relevant.

          • by Anonymous Coward

            Blink is a fork of the WebCore component of WebKit and is used in Chrome

          • Many websites are using -webkit or blink specific CSS 3 tags and ignoring HTML 5 standards.

            .

            • by mysidia ( 191772 )

              Submit it as a bug to the Webkit project, and get support for the non-CSS3-standards-compliant CSS tags removed?

    • I'm not particularly bothered if a browser doesn't fully support HTML 5. Omitting support for certain aspects of it would even be a selling point.

    • Seems like a good reason to use Vivaldi and or Firefox even if it involves some hassle initially. Serious bummer seeing Alphabet do this.
    • We need another new browser

      Why? The old one [seamonkey-project.org] works just fine...

    • Webkit is getting too popular. Many websites are using -webkit or blink specific CSS 3 tags and ignoring HTML 5 standards. THis is not healthy.

      The glacial pace of the standards body is the problem, people want to use the new features rather than wait for a committee to standardize them and then of course they rarely go back and revisit them because the specific extensions continue to be supported.

      • HTML 5 is moving too fast! It is very very big and not just a simple neutered XML with text with tags like HMTL 1,2,3, and 4.

        It includes special e6 javascript, CSS 3, 3.1, media codecs, webrtc for webcams, buffering algorithms, and the proper implementations. HTML 5 is as big as ajax, css, and HMTL 1,2,3, and 4 combined.

        Guess what? HTML 6 or 5.1 depending on which standards body is being worked upon ... just by Google setting the standards with Microsoft having some role too. Mozilla and Apple are irrelevan

        • Well that really depends on your point of view. Some applications - like office ones and video conferencing for example - are much more convenient as cross-platform web apps rather than native apps you need to install (or even worse browser and platform specific plugins) and they should be written to a standard so you aren't dependent on a specific vendor to run them.

          HTML 6 or 5.1 depending on which standards body is being worked upon ... just by Google setting the standards with Microsoft having some role too. Mozilla and Apple are irrelevant these days

          Of course, because Google and Microsoft develop the sorts of applications best suited to run in platform-agnostic browsers so they need to inn

    • You mean like Firefox? I use Firefox on a daily basis (I still prefer Firebug over Chrome's developer tools) and it works great. YMMV

  • I use Chrome only where complex web applications seem to need it to work (e.g. ones provided to me by my employer).

    This move kind of justifies the challenges I face getting certain websites to work in my browser of choice (a Firefox fork). It may lack the level of website support that Chrome enjoys but it provides a shitload more support to me.

    Sorry Google, your quest for world domination has already failed. Well, until someone kills me anyway.

    • I know but Firefox 57 will apparently lock the UI down like chrome. Already Quicksaver has thrown in the towel (FindBar Tweak, OmniSideBar, Tab Groups, Puzzle Bars, Beyond Australis)... as well I've heard dire rumblings in the Tree Style Tabs camp among others.
      • I've been gradually going through and disabling|uninstalling extensions. Am down to about a dozen now:

        Enpass Password Manager*
        GreaseMonkey|TamperMonkey
        Multiple Tab Handler
        Session Manager
        Stylish
        Stylish-Custom
        Tabhunter
        Tree Style Tab
        uBlock Origin
        uMatrix
        url-addon-bar
        Vertical Toolbar

        If Tree Style Tabs goes under, there will be very little reason to actually use Firefox anymore.

        *Enpass isn't as good as lastpass, and has an ANSI import-bug, which I just reported
        But LastPass causes 20%+ persistent C

        • Most of that functionality is available in Chrome except for Tree Style Tabs. The similar offerings on the Chrome side are fraught with gotchyas and clunky UI's to the point where you can't even use them to manage current tabs, but instead they degrade into a poor mans bookmark of recent activity.

          See: Sidewise, or Tabs Outliner.
      • What they will do in Firefox 57 is remove the ability to use the "old-style" extensions. Those could access many of the internals of the browser which is both good (they allow for big changes and neat things) and bad (dependence on internal structures and thus fragility, security issues).
        The problem is that the new interface for extensions doesn't allow for many things the old did and thus many existing extensions just can't be replicated with the new API and so will cease to work in the Firefox versions.
  • Firefox somewhere back in the low- to mid-40 version nummers eliminated the option to ask the user for each new cookie that sites try to set. This was valuable to anal-retentive users like me who could allow the target site and maybe its CDN to set cookies, but BIGINVASIVEADS.COM and TRACKYOUREVERYMOVE.NET would get nada.

    Remember when these were the upstart, alternative browsers out to help the little guy?

    • by JohnFen ( 1641097 ) on Monday January 30, 2017 @04:45PM (#53769161)

      Yes, that's a problem. However, there are FF add-ons that will bring that behavior back, such as Cookie Controller.

      • by Anonymous Coward

        I like cookie monster myself.

        Allow session cookies, is a great option.

      • Sadly, nope.

        http://forums.mozillazine.org/... [mozillazine.org]

        Cookie Controller seems to be wayyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy too complex for what it provides, yet if it doesn't allow me finer control over the setting of cookies in the first place I'm not sure it's worth it.

        I guess Mozilla is in cahoots with advertisers these days. YOU MUST ACCEPT COOKIES. RESISTANCE IS FUTILE!

    • by pla ( 258480 )
      I agree with you in spirit (quit taking control away from the user!), but...

      We already won the cookie war via private browsing / incognito mode. Let sites set whatever the hell they want, because no one but the originating site will ever see it, and as soon as the browser closes, *poof*, all nice and clean.
      • Personally, I find incognito mode too inconvenient for common use. There are some cookies that I want to be maintained, and it's too error-prone to have to switch modes back and forth. It's much safe and easier to tell the browser which cookies I want and which ones I don't.

  • Addendum: But if you're going to be evil do it gradually so that it's not so obvious.
  • by IonOtter ( 629215 ) on Monday January 30, 2017 @04:49PM (#53769203) Homepage

    Norton Spywa...err..."anti-virus" does this. It installs itself into Chrome and Firefox, without permission, and doesn't allow you to remove it.

    You can disable it, but not remove it.

    • by vux984 ( 928602 )

      and doesn't allow you to remove it.

      This may not be quite as evil as you think. Norton's plugin are installed by way of the installer under elevated privileges; because of this they're owned by "SYSTEM" (iirc) so regular users and even administrtor's can't remove them.

      It's not so much that they are trying to be douches as being a side effect of how they got installed. And, there is an argument to be made that you don't want it to be possible for a random user or user-space process to be able to remove your antivirus plugins at will.

      That said

      • Having worked for a couple of major consumer security software firms, I can tell you that my experience is that you're half right.

        The developers have every intention of allowing you to remove the software. However, once installed, uninstalling such software is technically challenging on a number of levels. Not just because the software must put tendrils deep into sensitive parts of the OS, making removal difficult when done on a system in an unknown state, but also from a project management perspective. The

  • ACHTUNG!! Ziz is ze Kookle Krome team! You vill uze ALL extensiuns, ALVAYS!

  • After Apple started with lock-in and iOS golden cages with no access to file systems, they started losing Karma with the nerd crowd. Karma they had gained so much in moving to basically a FOSS unix as their new OS of the second coming of Steve Jobs.

    As Apples Karma burned, Google was the closest thing to the new darling child of the nerd/geek crew. With moves like this and them also slowly turning their phones into nothing but hardware outlets for their brave new google services they are going the way of Apple in annoying the opinion-leaders (us). This is never a good move in the long-term and usually marks a decline of some sort. You know, like planlessly releasing 2 additional messaging apps and other strange things. Chrome is an awesome browser and V8 does a lot to strengthen the web - the worlds #1 free plattform these days. But screw this up, and people will start finding ways to move away from Chrome and Google. I hope there are enough smart techies in charge at Google to backpedal on this decision.

    All that aside I have a question:
    Is there a Fork of Chromium in the wild that won't follow this lead? I use chromium regularly, but I've used alternatives too (Opera, Vivaldi, Brave, etc.) and wouldn't mind using a fully FOSS Chrome clone alternative for a change. Any project doing this?

    • by Anonymous Coward

      The problem is that chromium is ... fucking massive. It's larger than many OS, it's more than any individual can comprehend in his lifetime, forking it is no small task. I don't know enough about building a browser to know if it's possible - but I would really like it if smarter people than me got together and built a good fast browser with a small code base, that would allow a lot more in the way of forks and freedom. Chromium is basically chromium, and is unlikely to ever be anything more (with v8 as the

    • The problem is that we geeks don't have as big an influence as you think. This is proven by the fact that regular users don't care at all about the Apple walled garden and keep buying iPhones by the millions.
      Abusing the users only has consequences if a large amount of those users get fed up with it (doesn't seem to be happening either with iOS, Android or Windows 10) and they can migrate to better alternatives. At this point, IMO, there's no good alternative in the mobile space, and in the desktop space yo
  • by mveloso ( 325617 )

    This is presumably so you can't block ads via plugins.

    Soon you'll have to use google's proxies, which will automatically insert appropriate and life-changing ads into any network stream you use.

    • by tlhIngan ( 30335 )

      This is presumably so you can't block ads via plugins.

      Soon you'll have to use google's proxies, which will automatically insert appropriate and life-changing ads into any network stream you use.

      Well, considering Google owns online advertising, I don't think there's much to do to add ads to the network stream - because the places you go already use one of Alphabet's ad networks anyways.

      And the sites that don't, well, it's because Alphabet's ad networks refuse to touch them anyways.

      So practically all the ads

    • i rather block ads with /etc/hosts file that way it is systemwide and all apps benefit from it
  • now if and/or when this filters down to the chromium builds included with Linux distros that just remove people's ability to customize how their browser functions, i dont even want flash on my PC at all, not even as disabled code, i guess its time to find another browser
  • by mythosaz ( 572040 ) on Monday January 30, 2017 @05:41PM (#53769561)

    Important distinction:

    chrome://plugins/ is where the internal PDF viewer is enabled or disabled.
    chrome://extensions/ is where you put uBlock, or your corporate overlords install WebSense.

    Plugins are moving to chrome://settings/content

    That's it. INTERNAL PLUGINS ARE GETTING MOVED to a new menu location.

  • The story while correct does not take in to account that there is another way to manage extensions. One could right click on an extension and select manage extensions from the drop down menu and the normal extension panel will display.
    • This story is about plugins, not extensions. These are two different things. Plugins are managed at chrome://plugins, extensions are managed at chrome://extensions.

  • Chrome 56 enables Flash each time it starts, even if I manually disable it That is quite bad, because it leaves my system vulnerable to a flash exploit (there are tens of them) and malicious code which steals history, cookies, etc, while I am thinking that I have completely disabled it. That is a fucking dirty trick. I could get tracked or even compromised by crappy sites, not knowing flash is auto-enabled. Thank you, Google. You are definitely did the evil
  • You're welcome.

No spitting on the Bus! Thank you, The Mgt.

Working...