Manage Flash in Chrome
Starting with Chrome 54 (October, 2016), Adobe Flash is no longer included with the Chrome browser or Chrome MSI. By default, Chrome installs Flash the first time a user encounters Flash content, and Chrome will continue to update Flash via the Chrome Component Updater.
For most organizations, we recommend you use the default settings. However, some IT admins may want to manage their users’ Flash experience. See below for how the changes starting with Chrome version 55 and later affect your organization.
Also, there are additional changes with the feature HTML5 by Default, which launched in 2017.
Flash deployment recommendations for IT admins
You have two options:
Option 1: Allow Google to update Flash on your behalf (recommended)
Keep the Chrome Component Updater enabled (default). Flash will download and install (first time your users access Flash), and Flash will update as needed.
Option 2: You own the responsibility of updating Flash for your users.
Manually install and manage your company's installation of Flash via the Adobe Flash MSI.
- Disable Component Updater using this policy.
- Download and deploy Flash to your users via the Adobe Flash MSI.
- Continue to update Flash for your users via the Adobe Flash MSI every time an update to Flash is released.
Google Chrome will not update the Adobe Flash dlls -- all updates are done manually by the IT admin (for example, re-deploying Adobe Flash updates via newer MSI packages). If Component Updater is left enabled, Chrome will choose to use either the Adobe Flash MSI dll or the Chrome plugin (whichever is newer).
Manage Flash by policy
You can manage how Flash playback happens using the DefaultPluginsSetting policy as well as PluginsAllowedforURLs. If these policies are not configured, Chrome will require users to activate Flash for each site that requires Flash that they visit.
Starting with Chrome 62: To minimize user impact and retain Flash functionality, you can whitelist internal and trusted sites that your users regularly access or http://* and https://* to allow Flash to play automatically. However, this is generally not recommended for security reasons.
Note: You should whitelist specific URLs by using PluginsAllowedForUrls as opposed to the broader wild card mentioned above.
- PluginsAllowedForUrls - This whitelists certain URLs to automatically run Flash. You can enable internal Flash applications and sites that you trust by creating whitelists such as ["[*.]mycorp.com", "play.spotify.com"].
- PluginsBlockedForUrls - This blacklists certain URLs from accessing Flash content such as ["flashvideosite.com"].
When DefaultPluginsSetting="3" ("Flash - Ask first") is selected, users may need to click on Flash content and Allow it to run for that site first. With this setting, your user may see "Click here to Install Flash!" After the user clicks the link, they can click Allow.
Note: Starting in Chrome 62, Option 3- 'Click to play' will no longer be an option.
Alternatively, your users may see a gray box with a puzzle piece and the error “Click to enable Adobe Flash Player.”
- Click the gray box that says “Click to enable Adobe Flash Player.”
- In the box that appears in the top-left, click Allow to run the Flash plugin.
Testing tip: We recommend you test this functionality on internal and trusted sites with Chrome 55, 56, 57, and Chrome Canary along with the DefaultPluginsSetting policy and URL whitelists with PluginsAllowedForUrls. If there are business-critical sites in your organization that require Flash, please message these changes accordingly to the affected users.
If you set DefaultPluginsSetting to “1 = Allow all sites to automatically run plugins,” ensures that Flash content to be played automatically. Note: This setting only works through Chrome 61. Starting with Chrome 62, Chrome is ending support for "Allow all sites to automatically run plugins."
If you set DefaultPluginsSetting to “2 = Block all plugins,” all Flash content will be blocked from being played on your users’ computers. This is not recommended for most organizations. Test before enabling this setting and only use it if you want to completely block all Flash content for your users.
If you have Chrome installed prior to version 54:
- If you have not modified Chrome's default settings, Chrome will continue to update Flash via the Component Updater.
If you are deploying Chrome for the first time:
- Via the MSI package or any other installer, Flash will not be included. If users visit a site that requires Flash and Component Updater is enabled, Flash will be downloaded and installed inline the first time a user needs Flash. If the Component Updater is disabled, Flash will not install and fail to run the Flash content.
- You also have the option to deploy Flash in your organization via the Adobe Flash MSI. Users in your organization will continue to receive Flash updates unless you disable the Component Updater, which is enabled by default.
- If you’re deploying Flash via the Adobe MSI and disable the Component Updater, you need to make sure to update it with every release to keep Flash updated throughout your organization. For instructions on downloading the Adobe Flash MSI, see the Adobe Flash Player Administration Guide (PDF).
If you don’t need Flash for your organization, you can disable the plugin to disallow your users from running Flash content.
The primary way to disable plugins is to set DefaultPluginsSetting = 2.
Optionally, if you want to fine tune how you disable plugins, you can set these policies:
Starting with Chrome 54, we removed Flash from our installer package, which means we no longer ship Flash with the Chrome MSI. Flash is downloaded as a component update from Google (also called Pepper Flash) when the user comes across their first Flash content in Chrome.
ComponentUpdatesEnabled is a new policy that exists to disable Component Updater for enterprises that want to deploy Flash via the Adobe Flash MSI. This is an advanced setting, and is not recommended for most enterprises.
If you deploy your own Flash dll via the Adobe Flash MSI, and leave Component Updater enabled, Flash will continue to be updated by Adobe’s dll and not Google's Flash dll.
If you disable Component Updater and still want users to be able to access Flash content, you must install Flash via the Adobe MSI.
This is an advanced setting, and most organization will likely keep the default selected, which will auto-install Flash from Google when your users come across Flash content in their browser.
See the warning box above for the consequences if you disable Component Updater without deploying the Adobe Flash MSI in a timely manner.