UserAgent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Steps to reproduce the problem:
N/A

What is the expected behavior?

What went wrong?
N/A

Did this work before? N/A 

Chrome version: 50.0.2661.102  Channel: stable
OS Version: 6.3
Flash Version: Shockwave Flash 21.0 r0

This issue was created to aid existing and future developers of Web applications that in some way depend on native code access.  I have done considerable efforts for doing this the “right way”; that is, through standardization in the W3C. However, the teams that could possibly be equipped with the required knowledge have to date declined dealing with such solutions since they are not considered a part of the “Open Web”.

The problem:
That NPAPI/ActiveX was deprecated is fine, what is less comforting is that this was done without an open discussion on possible replacements.

Anyway, Google have (unlike the other browser vendors), indeed created something that at least could qualify as a workaround: http://www.cnet.com/news/google-paves-over-hole-left-by-chrome-plug-in-ban/
Although a pretty interesting concept, this solution (Native Messaging), currently has considerable drawbacks including:
- Unknown future
- Not available for Android and iOS
IMO, mixing “in-browser” extensions with native code access is not really a great idea since both the security model and use-cases are quite different.

Just to make things even more fuzzy, Google is at the time of writing designing another cross-platform extension mechanism which (seems) to be limited to W3C Web Payments which IMO is rather short-sighted https://lists.w3.org/Archives/Public/public-payments-wg/2016May/0180.html
since native code access is useful (and used) for a very wide range of applications.

Unfortunately the confusion doesn’t stop there; in the W3C WebAppSec WG, access to local Web services is currently debated https://lists.w3.org/Archives/Public/public-webappsec/2016May/0006.html and may finally get a standardized solution.  I’m personally moderately fond of this scheme because it doesn’t provide called applications with a security context.

The solution:
An authoritative message on what Google consider the “most likely” solution that will enjoy continued support in Chrome.  This would be the de-facto standard in the absence of a real standard.