New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 686430 link

Starred by 100 users

Issue metadata

Status: Fixed
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 1
Type: Bug-Regression

Blocked on:
issue 689778
issue 690077

Show other hotlists

Hotlists containing this issue:

Sign in to add a comment

Please allow disabling Widevine/EME again

Reported by, Jan 28 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.13 Safari/537.36

Steps to reproduce the problem:
Since this month, chrome://plugins is gone and all plugins are enabled as per  Issue 615738 .

If I visit a site that uses HTML EME, my display enables HDCP and content on the site is decrypted and starts playing.

What is the expected behavior?
If a site uses HTML EME, it should fail silently or with a cryptic error message about how I should enable the Widevine plugin.

What went wrong?
Please allow me to disable the Widevine plugin or HTML EME altogether.

Here are my reasons for disabling EME:
* When playing encrypted content, Chrome frequently (about every 20 minutes) crashes. When that happens, all my tabs go blank and rerender about half a second later.
* Encrypted content forces my display to use HDCP, which causes my screen to flash when it is enabled.
* When one of the gazillion tabs I have open uses EME, my HDMI splitter doesn't work anymore because of HDCP. I'm baffled that a web site can elicit this kind of change on my computer without any permissions necessary or a way to disable it.
* Lastly, I don't want other web developers who are checking the available APIs in my browser to think that HTML EME is widely available and can be deployed to no ill effect, for the reasons mentioned above. I hate DRM with a passion and I'm really angry that is has beem shoehorned into HTML to begin with.

All those things considered, I'm begging you to bring back a way to disable the Widevine plugin.

Did this work before? Yes 55?

Does this work in other browsers? N/A

Chrome version: 57.0.2987.13  Channel: dev
OS Version: 10.0
Flash Version: Shockwave Flash 24.0 r0
Components: Internals>Media>Encrypted
Labels: Needs-Bisect Needs-Triage-M57

Comment 2 by, Jan 29 2017

Related to the chrome://plugins deprecation

"After the transition away from about:plugins Widevine will become enabled for everyone unless they delete it somehow or use the no binary component updates policy to prevent it from appearing in the first place"

"All other plugins (PDF, Widevine, Nacl), as well as custom plugins, should be treated as JavaScript."

Comment 3 by, Jan 29 2017

I'm pretty sure if you use a developer build of Chromium you don't have to include Widevine -- at least, I know I need to install this package separately to use Widevine with Arch Linux's chromium-dev package:

Comment 4 by, Jan 30 2017

Components: Internals>Plugins
Labels: -Needs-Bisect
As per   Issue 615738 , this feature is intended, removing the needs bisect label
- Your monitor flickering as soon as you enter a web page? Working as intended!
- You second monitor turns off as soon as you enter a web page? Working as intended!
- Your browser crashes randomly every 20 minutes? Working as intended!
- You can do nothing about it? Working as intended!

Can somebody please give a test URL? I am running Chrome Canary (58.x) on MacOS and would like to see how that affects my VNC session (I am using a Mac in place "home" through a VNC connection from place "work").
I don't see how increasing the attack surface of one of the most used pieces of software on a computer helps. It should always be possible to disable components that provide optional features. 
This goes double if the part is causing issues. 
Android UI offers Site settings -> Media -> Protected content. It defaults to "Ask first" (the enabled setting) and allows completely disabling it. Why not expose a similar option with at least "disable" and "enable" as options via content settings for the desktop? Ideally it could ask each time similar to the toggles for JavaScript, etc. but that might involve some real work.
Regarding the feature being intended: I don't think anyone here is arguing against the deprecation of the NPAPI plugin system, or its settings page. However, it's deprecation has exposed this issue with Widevine/EME by causing a valid user-facing mitigation for some of its unwanted behavior to vanish.

Given the politically charged nature of DRM, and the finnicky nature of HDCP support on a wide variety of video cards and monitors, I think it's perfectly reasonable to expect non-power-users to occasionally need to disable the feature. +1 for some sort of a setting (perhaps just a simple boolean in chrome://flags ?) to turn it off.

Comment 11 by, Jan 30 2017

Test URL:

Hey Julian: Do we have any thoughts on giving users a UI surface to disable Widevine like we did for PDF and Flash?

The Internet is unhappy:

I would personally be okay with a chrome://flags switch. Does the DisabledPlugins policy still work for Widevine?

Comment 15 by, Jan 30 2017

I, like "the internet" am also unhappy. I like having control of my computer and until Chrome can ensure that I'm off to Firefox.
@12: Not suitable for chrome://flags (that is not an "advanced config" page, that's a "temporary beta testing, promote or die" page).

If this is going to be a setting, it needs to be an actual setting in the settings.

Comment 17 Deleted

Comment 18 Deleted

Comment 19 Deleted

Status: Assigned (was: Unconfirmed)
My understanding from jschuh@ is we're OK with adding a content setting to disable.

Comment 22 Deleted

Comment 23 Deleted

Hi everyone! Please keep comments focused on the issue at hand. While there are good places to discuss the future of DRM or Flash, they're not this bug. Thanks!

Comment 25 by, Feb 2 2017

Want to have ability to disable browser plugins and to see them all as a list.
We need chrome://plugins workable.

Comment 26 by, Feb 2 2017

Inability to turn off any of the plugins is definitely a negative factor when deciding which browser to deploy in my company. I do not care if DRM video fails to play on those single-purpose business systems. But I do care that black-hearted will have an upper hand over IT for any piece of browser security. In finance IT it is a must to be able to tailor risks to the business task on the system. Especially now that so many internal and DevOps tools are being developed with and controlled via browser interfaces. I think it can be safely extended to other industries, like healthcare or government.
Without an option to disable the legally charged black box of DRM there is zero chance of our organization either using or promoting the use of Chrome over competing browser solutions.  There are proven security holes within the DRM black box that must by definition exist, largely due to the user being considered an untrusted entity, but the question then becomes who is considered "trusted"?  For organizations, this must be their own IT department; for DRM, this must be a central authority which can authorize or deny access, and exfiltrate any data needed to make this determination.  As such, while DRM components are forcibly enabled on Chrome, this browser is inherently unsafe from an IT perspective and, worse, makes the underlying system unsafe as well.
Labels: -Pri-2 ReleaseBlock-Stable M-57 M-58 Pri-1
Thanks everyone for your feedback, it was both thoughtful and well reasoned.

We are exploring options to add a content setting (chrome://settings/content) to disable EME, in the space of Chrome 57.  We'll update this issue as we make progress.
Project Member

Comment 30 by, Feb 7 2017

The following revision refers to this bug:

commit 45f66398546e5f402fb9768e05c1321893dbee6b
Author: tommycli <>
Date: Tue Feb 07 18:53:27 2017

MD Settings: Make Protected Content setting available to all platforms.

The Protected Content setting has been re-designed to toggle DRM on all
platforms. This makes the setting available on all platforms.

This also updates the string to the new text.

MD Settings equivalent to this patch:

BUG= 686430 

Cr-Commit-Position: refs/heads/master@{#448680}


Project Member

Comment 31 by, Feb 8 2017

The following revision refers to this bug:

commit af445fb0a75d6811c0a8991becd79986e996d647
Author: xhwang <>
Date: Wed Feb 08 02:03:56 2017

media: Add string for enabling protected content

This CL only adds the string to enable protected content. The string is copied from with modifications. Landing it first so it could be localized. The CL that uses it will come shortly.

BUG= 686430 

Cr-Commit-Position: refs/heads/master@{#448851}


Labels: Merge-Request-57
Request to merge the strings in #31 to M57. UI and code changes will come shortly.
Project Member

Comment 33 by, Feb 8 2017

Labels: merge-merged-2987
The following revision refers to this bug:

commit 78241e1d0a6f8b216bef8652cd27465ddb0afa57
Author: Xiaohan Wang <>
Date: Wed Feb 08 02:10:04 2017

media: Add string for enabling protected content

This CL only adds the string to enable protected content. The string is copied from with modifications. Landing it first so it could be localized. The CL that uses it will come shortly.

BUG= 686430 

Cr-Commit-Position: refs/heads/master@{#448851}
(cherry picked from commit af445fb0a75d6811c0a8991becd79986e996d647)

Review-Url: .
Cr-Commit-Position: refs/branch-heads/2987@{#377}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}


Blockedon: 689778
Blockedon: 690077
A friendly reminder that M57 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!

Project Member

Comment 37 by, Feb 9 2017

Labels: -Merge-Request-57 Hotlist-Merge-Approved Merge-Approved-57
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions.
Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop)

For more details visit - Your friendly Sheriffbot
Cl @ comment #33 landed without approval but this is fine as per internal email discussion. Next time, please wait for approval. 

When do we expect UI and code changes to be landed on trunk? Please do not merge to M57 until change is well baked/verified in Canary. Thank you.

Comment 39 by, Feb 9 2017

non MD settings (needed for M57) changes have been confirmed across win/mac/cros on canary build 58.0.3007.0 (I did the testing, as did tommycli & xhwang). 
Thank you ericde@. Could you please merge non MD settings (needed for M57) change to M57 then? Thank you.

Comment 41 by, Feb 9 2017

over to tommycli@ to finish his merge - xhwang already merged his.
Status: Fixed (was: Assigned)
It's merged! Thanks!
Nothing else is pending for M57, correct? If yes, please remove "Merge-Approved-57" label. Thank you.

Labels: -Merge-Approved-57 OS-Linux
I think we're good here.
Thank you for the merge. Tracking bug for missing translation (bug 691731).
Labels: TE-Verified-M58 TE-Verified-58.0.3012.0
Verified this issue on Windows 10, Ubuntu 14.04 and Mac 10.12.3 with chrome dev #58.0.3012.0.
As per comment #30, observed "Protected Content" under "chrome://md-settings/content"

Hence Adding TE-verified labels

Attaching the screencast for reference.
Issue 686430.mp4
590 KB View Download
Labels: Needs-Feedback
Verified this issue on Windows 10, Ubuntu 14.04 and Mac 10.12.3 with chrome beta #57.0.2987.54 and didn't see any protected content setting under "chrome://md-settings/content"

Attaching the screen-cast for reference.

tommycli@ could you please look into it and let us know your observations.

Issue 686430-M57.mp4
1.2 MB View Download
This is expected. In M57 the new setting is only available in the old settings page, not in the MD-settings.
Labels: TE-Verified-57.0.2987.54 TE-Verified-M57
Verified this issue on Windows 10, Ubuntu 14.04 and Mac 10.12.3 with chrome beta #57.0.2987.54 and observed the protected content setting under "chrome://settings/content"

Attaching the screen-cast for reference.

Hence adding TE-verified labels.
Issue 686430 - M57.mp4
680 KB View Download
Labels: -Needs-Feedback

Comment 51 Deleted

Comment 52 Deleted

Comment 53 Deleted

Comment 54 Deleted

Comment 55 Deleted

Comment 56 Deleted

Sign in to add a comment