Google Chrome to Block Plugins Built using NPAPI Architecture

Google Chrome is planning to block Plugins using NPAPI architecture, starting early next year. NPAPI has an old architecture, which has become a leading cause of hangs, crashes, security incidents, and code complexity.

Netscape Plug-in Application Programming Interface (NPAPI) was first developed for Netscape, and is supported by browsers like Mozilla Firefox, Google Chrome, Apple Safari and Opera. However, its security shortcomings have led to numerous cyber attacks on millions of systems.

Google, Mozilla and Opera responded to this threat by implementing click-to-play, an optional feature that prompts users for confirmation before executing plug-in based content. Later in 2012, Google switched to Flash Player plugin bundled with Chrome for Windows and MAC from NPAPI to another architecture called PPAPI.

PPAPI was developed by Google itself. Pepper Plugin APIĀ (PPAPI) or simply Pepper, is able to force plugin codes to run securely inside a sandbox and makes it less susceptible to crashes.

Google reports that from January 2014, it will block webpages with NPAPI architecture on its web browser, Chrome. However, to avoid inconvenience to users, they will temporarily allow most popular NPAPI plugins like Silverlight, Unity, Google Earth, Google Talk and Facebook Video that are not blocked for security reasons.

Developers will be able to update their existing NPAPI-based Apps and Extensions till May 2014. In September 2014, all existing NPAPI-based Apps and Extensions will be unpublished from Chrome web store. Existing installations will continue to work until Chrome fully removes support for NPAPI.