Firefox and Chrome give browser plug-ins the cold shoulder
By Brad Chacos
PCWorldSep 25, 2013 6:36 am PDT
All of a sudden, the browser plug-in as we know it is starting to look mighty unpopular.
Microsoft barred plug-ins from the modern UI version of Internet Explorer 10 right out of the Windows 8 gate, and this week, the other two major browsers advanced plans to nerf the out-of-the-box functionality of traditional plug-ins.
Google announced that plug-ins using the uber-popular NPAPI architecture would be shifted to “click-to-play” by default this coming January, rather than running automatically. Many top plug-ins use the technology, including Java, Silverlight, Unity, Google Earth, Google Talk, Facebook Video, RealPlayer, QuickTime, Shockwave, Windows Media Player and Adobe Reader prior to Adobe Reader X.
That’s just a stopgap, though: In May 2014, Google will stop publishing new NPAPI-based plug-ins in the Chrome Web Store, leading up to a complete removal of all NPAPI plug-ins in September. Eventually, Google Chrome security engineer Justin Schuh said Monday in a blog post, “NPAPI support will be completely removed from Chrome.”
Firefox is even less enamored with plug-ins. This week, click-to-play functionality arrived in Firefox Aurora, a preview build of the browser that will hit release status in mere weeks. As with Chrome, the new feature still allows you to use plug-ins, but you have to explicitly allow them to run.
Both browsers—and IE10—will continue to play Adobe Flash content by default, though Firefox and Chrome. “Flash content is so common on the Web, and many websites use “hidden” Flash instances that the user does not see and cannot click on: making Flash click-to-play would be confusing for most users,” Benjamin Smedberg, the Firefox engineering manager for stability and plugins, wrote in a Tuesday blog post of his own.
Unlike Google, Mozilla did not announce plans to eliminate traditional plug-ins for Firefox down the line.
Why all the hate?
Simple: Plug-ins may be handy, but, as both Schuh and Smedberg emphasized. they’re also far and away the leading source of browser crashes, hang-ups, and security vulnerabilities.
The shunning of traditional plug-ins shouldn’t leave end users out in the cold and wanting for features, though. Simply put, advancing technology has passed plug-ins by.
“Plug-ins used to be an important tool for prototyping and implementing new features such as video and animation,” Smedberg wrote. “As browsers have advanced, this kind of feature development can occur directly within the browser using technologies such as WebGL, WebSockets, WebRTC, and asm.js.”
Beyond open web technologies, Google has created a new type of plug-in technology that fixes many of NPAPI’s most glaring flaws. In 2010, the company introduced a new plug-in architecture called PPAPI (Pepper Plugin API) that forces plug-in code to run securely inside a sandbox and makes it less susceptible to crashes.
There’s just one problem: Chrome is the only browser compatible with PPAPI, and the Mozilla wiki page for PPAPI simply says “Mozilla is not interested in or working on Pepper at this time.”
It’s definitely time to move beyond the dated plug-in technology we’ve been using since the Netscape days, but here’s hoping that the death of the old NPAPI standby doesn’t lead to a fractured landscape of mish-mashed browser support.