The name “Netscape Plug-in API” (NPAPI) sounds like a relic from another age of browsers, but Chrome, Mozilla and other browsers still support this architecture for writing browser plug-ins today. But its time is quickly coming to an end. Mozilla will block NPAPI plugins in December and Google today announced that Chrome will start blocking webpage-instantiated NPAPI plugins by default in January 2014. The Chrome team plans to completely drop NPAPI support from the browser by the end of 2014.
Starting today, Google also won’t accept any new apps or extensions that contain NPAPI-based plug-ins in its Web Store.
As Google notes, NPAPI-based plugins were the first to bring video and audio support to browsers. Today’s web, the company argues, doesn’t need this 90s architecture. NPAPI, Google says, “has become a leading cause of hangs, crashes, security incidents, and code complexity.” Moving forward, Google security engineer Justin Schuh writes in today’s announcement, the company’s “goal is to evolve the standards-based web platform to cover the use cases once served by NPAPI.”
Google argues that most users won’t notice this change. Currently, only six NPAPI plug-ins are being used by more than 5 percent of Chrome users. These are Microsoft’s Silverlight, Unity, Google Earth, Java, Google Talk and Facebook Video (though Java has already been blocked by the Chrome team for security reasons). These plug-ins will be put on a temporary whitelist and end users and enterprise admins will also be able to whitelist other plug-ins as needed.
Developers who currently have apps or extensions that use NPAPI can still update them until May 2014. After that, they will be removed from the Web Store home page and search results and in September 2014, they’ll be unpublished. For developers who need an alternative to NPAPI, Google recommends switching to NaCl, Apps, Native Messaging API and Legacy Browser Support.