Manage Flash in your users' Chrome Browsers
Important note: Adobe® has announced that Flash® Player® will be deprecated in December 2020. In Chrome 76 and later, Flash Player is turned off by default. Users can manually switch to ask first before running Flash, without impacting policy settings that you set for Flash. For details about shipped and upcoming changes, see the Flash Roadmap.
We strongly encourage organizations to migrate to alternative solutions.
By default, Chrome installs Adobe Flash Player in the background or the first time that a user encounters Flash content, and Chrome will continue to update Flash Player via the Chrome Component Updater.
For most organizations, we recommend you use the default settings. However, some IT admins may want to manage their users’ Flash experience.
Flash deployment recommendations for IT admins
You have two options:
Option 1: Allow Chrome to manage its version of Flash Player (recommended)
Keep the Chrome Component Updater enabled (default). In Windows Group Policy Editor, set ComponentUpdatesEnabled=true. Chrome will download and install Flash Player and update it as needed.
Option 2: You own the responsibility of updating Flash Player for your users.
Manually install and manage your company's installation of Flash via the Adobe Flash Player MSI (for Chromium).
- Disable Component Updater by setting ComponentUpdatesEnabled=false.
- Download and deploy Flash to your users via the Adobe Flash MSI (be sure to select “Opera & Chromium PPAPI MSI”).
- Continue to update Flash for your users via the Adobe Flash MSI every time an update to Flash is released.
In this case, Google Chrome will not update Adobe Flash Player-- all updates are done manually by the IT admin (for example, re-deploying Adobe Flash Player updates via Adobe's newer MSI packages). If the Component Updater is left enabled, Chrome will choose to use either the Adobe Flash Player MSI dll or the Chrome plugin (whichever is newer).
To verify what version of Flash Player is running on Chrome (for both Options 1 & 2 above) -- go to chrome://version to see what version is installed. Note that if the update is delivered by the component updater (Option 1) a restart is needed for Linux and Chrome OS (not for Windows or macOS). If updating using the Adobe Flash Player MSI (Option 2), restarting Chrome for all platforms is necessary.
Manage Flash by policy
You can manage how Flash playback happens using the DefaultPluginsSetting policy as well as PluginsAllowedforURLs. If these policies are not configured, Chrome will require users to activate Flash for each site that requires Flash that they visit.
Starting with Chrome 62: To minimize user impact and retain Flash functionality, you can whitelist internal and trusted sites that your users regularly access or http://* and https://* to allow Flash to play automatically. However, this is generally not recommended for security reasons.
Note: You should whitelist specific URLs by using PluginsAllowedForUrls as opposed to the broader wild card mentioned above.
- PluginsAllowedForUrls - This whitelists certain URLs to automatically run Flash. You can enable internal Flash applications and sites that you trust by creating whitelists such as ["[*.]mycorp.com", "play.spotify.com"].
- PluginsBlockedForUrls - This blacklists certain URLs from accessing Flash content such as ["flashvideosite.com"].
When DefaultPluginsSetting="3" ("Flash - Ask first") is selected, users may need to click on Flash content and Allow it to run for that site first. With this setting, your user may see "Click here to Install Flash!" After the user clicks the link, they can click Allow.
Note: Starting in Chrome 62, Option 3- 'Click to play' is no longer an option.
Alternatively, your users may see a gray box with a puzzle piece and the error “Click to enable Adobe Flash Player.”
- Click the gray box that says “Click to enable Adobe Flash Player.”
- In the box that appears in the top-left, click Allow to run the Flash plugin.
Testing tip: If you’re still on Chrome 54 or earlier, we recommend you test this functionality on internal and trusted sites with Chrome 55, 56, 57, and Chrome Canary along with the DefaultPluginsSetting policy and URL whitelists with PluginsAllowedForUrls. If there are business-critical sites in your organization that require Flash, please message these changes accordingly to the affected users.
If you set DefaultPluginsSetting to “1 = Allow all sites to automatically run plugins,” ensures that Flash content to be played automatically. Note: This setting only works through Chrome 61. Starting with Chrome 62, Chrome is ending support for "Allow all sites to automatically run plugins."
If you set DefaultPluginsSetting to “2 = Block all plugins,” all Flash content will be blocked from being played on your users’ computers. This is not recommended for most organizations. Test before enabling this setting and only use it if you want to completely block all Flash content for your users.
If you have not modified Chrome's default settings, Chrome will continue to update Flash via the Component Updater.
If you don’t need Flash for your organization, you can disable the plugin to disallow your users from running Flash content.
The primary way to disable plugins is to set DefaultPluginsSetting = 2.
Optionally, if you want to fine tune how you disable plugins, you can set these policies:
No - Chrome will download the latest version of Flash when needed as the user browses, unless component updates are disabled.
An out-of-date version of Flash is included in MSI installers for Chrome 53 and earlier.
If you disable Component Updater and still want users to be able to access Flash content, you must install Flash through the Adobe MSI.
This is an advanced setting, and most organizations keep the default selected, which will auto-install Flash for Chrome when your users come across Flash content in their browser.
See the warning box above for the consequences if you disable Component Updater without deploying the Adobe Flash MSI in a timely manner.