On our Citrix servers we always try to keep control of the plugins by updating them whenever possible. That goes for Oracle Java and of course Adobe Flash, but since update 21 Google Chrome has shown strange behaviour in its built-in Flash plugin (FPP).
After every reboot or update it enables itself, which is very annoying. Google really should fix that because it’s been a pain in the arse for quite a while, and the built-in Flash plugin is also outdated compared to our updated Adobe Flash plugin. Besides that, FPP was exposed to several camera and/or audio related issues.
So yes but what now? If you open Google Chrome and type: chrome://plugins you’ll see a list of all plugins used in Google Chrome:
I’ve tried many ways to make sure the FPP stays disabled at all times (even after a reboot or update): editing the Group Policy, removing the folder D:\Program Files (x86)\Google Chrome\PepperFlash, and disabling it in chrome://plugins as shown above.
Recently I found some Chromium flags (Chromium is the open-source code base for Google Chrome) which allow us to start Google Chrome with several command-line switches, check them out here:
There’s a switch that disables the bundled PPAPI version of Flash, called: --disable-bundled-ppapi-flash
If you offer the desktop icon for Google Chrome by policy (or just the .lnk) then you’ll need to add an argument like you can see here:
Now, after changing this, you can check again with, for example, the Rapid7 browserscan, and you’ll notice that an up-to-date Adobe Flash plugin is being used and not the FPP anymore. Hooray!
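One way to apply the shortcut change described above to every Chrome .lnk on a server, as an added example that is not part of the original post. The folders searched (the all-users desktop and Start Menu programs folder) are assumptions; point `$SearchRoots` at wherever your policy publishes the shortcut.

```powershell
# Added example: append --disable-bundled-ppapi-flash to Chrome shortcuts.
# Safe to re-run: shortcuts that already carry the switch are left untouched.
$Flag = '--disable-bundled-ppapi-flash'

# Assumption: shortcuts live in the all-users desktop / Start Menu folders.
$SearchRoots = @(
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('CommonPrograms')
)

$shell = New-Object -ComObject WScript.Shell

foreach ($root in $SearchRoots) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)

            # Only touch shortcuts whose target is chrome.exe.
            if (-not $lnk.TargetPath) { return }
            if ((Split-Path -Leaf $lnk.TargetPath) -ne 'chrome.exe') { return }

            # Keep any arguments that are already on the shortcut.
            $current = [string]$lnk.Arguments
            $tokens  = @($current -split '\s+' | Where-Object { $_ })

            if ($tokens -contains $Flag) {
                Write-Output ("unchanged: {0}" -f $_.FullName)
                return
            }

            $lnk.Arguments = ("$current $Flag").Trim()
            $lnk.Save()
            Write-Output ("updated:   {0} -> {1}" -f $_.FullName, $lnk.Arguments)
        }
}
```

Because a Chrome update or repair can recreate its shortcuts without the switch, running this at startup or after updates keeps the argument in place.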