Manage Flash in your users' Chrome Browsers

This article applies only to managed versions of Chrome Browser. Chrome OS comes with Flash built-in, and Flash cannot be uninstalled on Chrome OS devices.

Important note: Adobe® has announced that Flash® Player® will be deprecated in December 2020. In Chrome 76 and later, Flash Player is turned off by default. Users can manually switch to ask first before running Flash, without impacting policy settings that you set for Flash. For details about shipped and upcoming changes, see the Flash Roadmap.

We strongly encourage organizations to migrate to alternative solutions.

By default, Chrome installs Adobe Flash Player in the background or the first time that a user encounters Flash content, and Chrome will continue to update Flash Player via the Chrome Component Updater.

For most organizations, we recommend you use the default settings. However, some admins may want to manage their users’ Flash experience.

Flash deployment recommendations

Option 1: Allow Chrome to manage its version of Flash Player (recommended)

Keep the Chrome Component Updater enabled (default). In Windows Group Policy Editor, set ComponentUpdatesEnabled=true. Chrome will download and install Flash Player and update it as needed.

Option 2: You own the responsibility of updating Flash Player for your users

Manually install and manage your company's installation of Flash via the Adobe Flash Player MSI (for Chromium).

  1. Disable Component Updater by setting ComponentUpdatesEnabled=false.
  2. Download and deploy Flash to your users via the Adobe Flash MSI. Be sure to select Opera & Chromium PPAPI MSI.
  3. Continue to update Flash for your users via the Adobe Flash MSI every time an update to Flash is released.

In this case, Chrome will not update Adobe Flash Player; all updates are done manually by the IT admin (for example, by redeploying Adobe Flash Player updates via Adobe's newer MSI packages). If the Component Updater is left enabled, Chrome will use either the Adobe Flash Player MSI DLL or the Chrome plugin, whichever is newer.

Warning: Do not disable the Component Updater using the ComponentUpdatesEnabled policy without deploying the Flash MSI to your users. If you do, Flash will fall out of date, because no updates are installed from Google while Component Updater is disabled. This could leave Flash open to potential bugs and security issues. If Flash falls too far out of date, Chrome may block the outdated plugin.

Verify what version of Flash Player is running on Chrome for both Options 1 & 2 above. Go to chrome://version to see what version is installed.

  • If the update is delivered by the Component Updater (Option 1), a restart is needed for Linux and Chrome OS but not for Microsoft® Windows® or Apple® macOS®.
  • If updating using the Adobe Flash Player MSI (Option 2), restarting Chrome is necessary on all platforms.

Manage Flash by policy

You can manage how Flash playback happens using the DefaultPluginsSetting, PluginsAllowedForUrls, and PluginsBlockedForUrls policies. If these policies are not configured, for Chrome 76 and later, Flash playback is blocked by default.

Note: The Chrome policies DefaultPluginsSetting, PluginsAllowedForUrls, and PluginsBlockedForUrls only affect the Flash plugin and not any other plugins.

  • When DefaultPluginsSetting is set to either 1 = Allow all sites to automatically run the Flash plugin or 3 = Click to Play, users need to click on Flash content and click Allow to let Flash run for sites that require it. Users might see a message prompting them to click to enable Flash Player before they can click Allow to run the Flash plugin. When users go to chrome://settings/content/flash, they’ll see that Flash is set to Ask first and they can’t change it.
  • Setting DefaultPluginsSetting to 2 = Block the Flash plugin, blocks all Flash content from being played on your users’ computers. When users go to chrome://settings/content/flash, they’ll see that Flash is set to Block sites from running Flash (recommended) and they can’t change it.

Starting in Chrome 85: For the PluginsAllowedForUrls and PluginsBlockedForUrls policies, you can no longer use wildcards in hostnames, such as https://* and https://[*.]. If you're currently using hostname wildcards, you need to change them so that they explicitly specify which hostnames still require Flash. For example, you should update https://[*.] to match explicit entries such as This change is intended to help you to determine which sites still require updating, while allowing you time to make adjustments before support for Flash is entirely removed in December 2020.
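The following Python check is an added example, not part of the original article or any Google tooling. It audits a policy set for two points made above: hostname wildcards in the Flash URL lists (no longer usable from Chrome 85) and a disabled Component Updater. It assumes the policies are available as a JSON object of policy name to value, the form Chrome reads from managed policy files on Linux; the sample policy and its hostnames are constructed.

```python
import json
import re

# Constructed sample policy set (policy name -> value); hostnames are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "ComponentUpdatesEnabled": false,
  "DefaultPluginsSetting": 3,
  "PluginsAllowedForUrls": [
    "https://*",
    "https://[*.]example.com",
    "https://intranet.example.com",
    "https://apps.example.com:8443"
  ],
  "PluginsBlockedForUrls": ["http://[*.]example.net"]
}
""")

URL_LIST_POLICIES = ("PluginsAllowedForUrls", "PluginsBlockedForUrls")


def hostname_of(pattern):
    """Return the host part of a scheme://host[:port][/path] pattern."""
    rest = pattern.split("://", 1)[-1]
    authority = rest.split("/", 1)[0]
    # Drop a trailing :port (digits or *); a leading "[*.]" is left intact.
    return re.sub(r":(\d+|\*)$", "", authority)


def audit_flash_policy(policy):
    """Return (policy_name, detail) findings for the two checks."""
    findings = []
    for name in URL_LIST_POLICIES:
        for pattern in policy.get(name, []):
            # Chrome 85+: entries must name explicit hostnames.
            if "*" in hostname_of(pattern):
                findings.append((name, pattern))
    # With updates off, Flash only stays current via the Adobe MSI.
    if policy.get("ComponentUpdatesEnabled") is False:
        findings.append(("ComponentUpdatesEnabled",
                         "disabled: confirm the Adobe Flash MSI is deployed"))
    return findings


if __name__ == "__main__":
    for name, detail in audit_flash_policy(SAMPLE_POLICY):
        print(f"{name}: {detail}")
```

Each flagged URL entry needs to be replaced with the explicit hostnames that still require Flash.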


How do I keep Flash updated?

If you have not modified Chrome's default settings, Chrome will continue to update Flash via the Component Updater.

How do I disable Flash for my organization?

If you don’t need Flash for your organization, you can disable the plugin to disallow your users from running Flash content.

The primary way to disable plugins is to set DefaultPluginsSetting = 2.

Optionally, if you want to fine-tune how you disable plugins, you can set these policies:

  • DisabledPlugins - This policy allows you to block Flash from being used by your users.
  • DisabledPluginsExceptions - This policy allows for more granular control over which plugins you block. Read the instructions on Chromium before using this policy.

Is Flash included in the Chrome MSI?

No - Chrome will download the latest version of Flash when needed as the user browses, unless component updates are disabled.

An out-of-date version of Flash is included in MSI installers for Chrome 53 and earlier.

What happens if I disable Component Updater?

If you disable Component Updater and still want users to be able to access Flash content, you must install Flash through the Adobe MSI.

This is an advanced setting, and most organizations keep the default selected, which will auto-install Flash for Chrome when your users come across Flash content in their browser.

See the warning box above for the consequences if you disable Component Updater without deploying the Adobe Flash MSI in a timely manner.
