New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 100 users

Issue metadata

Status: Fixed
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 1
Type: Bug-Regression

Blocked on:
issue 689778
issue 690077

Show other hotlists

Hotlists containing this issue:

Sign in to add a comment

Issue 686430: Please allow disabling Widevine/EME again

Reported by, Jan 28 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.13 Safari/537.36

Steps to reproduce the problem:
Since this month, chrome://plugins is gone and all plugins are enabled as per  Issue 615738 .

If I visit a site that uses HTML EME, my display enables HDCP and content on the site is decrypted and starts playing.

What is the expected behavior?
If a site uses HTML EME, it should fail silently or with a cryptic error message about how I should enable the Widevine plugin.

What went wrong?
Please allow me to disable the Widevine plugin or HTML EME altogether.

Here are my reasons for disabling EME:
* When playing encrypted content, Chrome frequently (about every 20 minutes) crashes. When that happens, all my tabs go blank and rerender about half a second later.
* Encrypted content forces my display to use HDCP, which causes my screen to flash when it is enabled.
* When one of the gazillion tabs I have open uses EME, my HDMI splitter doesn't work anymore because of HDCP. I'm baffled that a web site can elicit this kind of change on my computer without any permissions necessary or a way to disable it.
* Lastly, I don't want other web developers who are checking the available APIs in my browser to think that HTML EME is widely available and can be deployed to no ill effect, for the reasons mentioned above. I hate DRM with a passion and I'm really angry that is has beem shoehorned into HTML to begin with.

All those things considered, I'm begging you to bring back a way to disable the Widevine plugin.

Did this work before? Yes 55?

Does this work in other browsers? N/A

Chrome version: 57.0.2987.13  Channel: dev
OS Version: 10.0
Flash Version: Shockwave Flash 24.0 r0

Comment 1 by, Jan 29 2017

Components: Internals>Media>Encrypted
Labels: Needs-Bisect Needs-Triage-M57

Comment 2 by, Jan 29 2017

Related to the chrome://plugins deprecation

"After the transition away from about:plugins Widevine will become enabled for everyone unless they delete it somehow or use the no binary component updates policy to prevent it from appearing in the first place"

"All other plugins (PDF, Widevine, Nacl), as well as custom plugins, should be treated as JavaScript."

Comment 3 by, Jan 29 2017

I'm pretty sure if you use a developer build of Chromium you don't have to include Widevine -- at least, I know I need to install this package separately to use Widevine with Arch Linux's chromium-dev package:

Comment 4 by, Jan 30 2017

Components: Internals>Plugins

Comment 5 by, Jan 30 2017

Labels: -Needs-Bisect
As per   Issue 615738 , this feature is intended, removing the needs bisect label

Comment 6 by, Jan 30 2017

- Your monitor flickering as soon as you enter a web page? Working as intended!
- You second monitor turns off as soon as you enter a web page? Working as intended!
- Your browser crashes randomly every 20 minutes? Working as intended!
- You can do nothing about it? Working as intended!

Comment 7 by, Jan 30 2017

Can somebody please give a test URL? I am running Chrome Canary (58.x) on MacOS and would like to see how that affects my VNC session (I am using a Mac in place "home" through a VNC connection from place "work").

Comment 8 by, Jan 30 2017

I don't see how increasing the attack surface of one of the most used pieces of software on a computer helps. It should always be possible to disable components that provide optional features. 
This goes double if the part is causing issues.

Comment 9 by, Jan 30 2017

Android UI offers Site settings -> Media -> Protected content. It defaults to "Ask first" (the enabled setting) and allows completely disabling it. Why not expose a similar option with at least "disable" and "enable" as options via content settings for the desktop? Ideally it could ask each time similar to the toggles for JavaScript, etc. but that might involve some real work.

Comment 10 by, Jan 30 2017

Regarding the feature being intended: I don't think anyone here is arguing against the deprecation of the NPAPI plugin system, or its settings page. However, it's deprecation has exposed this issue with Widevine/EME by causing a valid user-facing mitigation for some of its unwanted behavior to vanish.

Given the politically charged nature of DRM, and the finnicky nature of HDCP support on a wide variety of video cards and monitors, I think it's perfectly reasonable to expect non-power-users to occasionally need to disable the feature. +1 for some sort of a setting (perhaps just a simple boolean in chrome://flags ?) to turn it off.

Comment 11 by, Jan 30 2017

Comment 12 by, Jan 30 2017

Hey Julian: Do we have any thoughts on giving users a UI surface to disable Widevine like we did for PDF and Flash?

The Internet is unhappy:

I would personally be okay with a chrome://flags switch. Does the DisabledPlugins policy still work for Widevine?

Comment 13 by, Jan 30 2017


Comment 14 by, Jan 30 2017


Comment 15 by, Jan 30 2017

I, like "the internet" am also unhappy. I like having control of my computer and until Chrome can ensure that I'm off to Firefox.

Comment 16 by, Jan 31 2017

@12: Not suitable for chrome://flags (that is not an "advanced config" page, that's a "temporary beta testing, promote or die" page).

If this is going to be a setting, it needs to be an actual setting in the settings.

Comment 17 Deleted

Comment 18 Deleted

Comment 19 Deleted

Comment 20 by, Jan 31 2017

Status: Assigned (was: Unconfirmed)
My understanding from jschuh@ is we're OK with adding a content setting to disable.

Comment 21 by, Jan 31 2017


Comment 22 Deleted

Comment 23 Deleted

Comment 24 by, Jan 31 2017

Hi everyone! Please keep comments focused on the issue at hand. While there are good places to discuss the future of DRM or Flash, they're not this bug. Thanks!

Comment 25 by, Feb 2 2017

Want to have ability to disable browser plugins and to see them all as a list.
We need chrome://plugins workable.

Comment 26 by, Feb 2 2017

Inability to turn off any of the plugins is definitely a negative factor when deciding which browser to deploy in my company. I do not care if DRM video fails to play on those single-purpose business systems. But I do care that black-hearted will have an upper hand over IT for any piece of browser security. In finance IT it is a must to be able to tailor risks to the business task on the system. Especially now that so many internal and DevOps tools are being developed with and controlled via browser interfaces. I think it can be safely extended to other industries, like healthcare or government.

Comment 27 by, Feb 2 2017

Without an option to disable the legally charged black box of DRM there is zero chance of our organization either using or promoting the use of Chrome over competing browser solutions.  There are proven security holes within the DRM black box that must by definition exist, largely due to the user being considered an untrusted entity, but the question then becomes who is considered "trusted"?  For organizations, this must be their own IT department; for DRM, this must be a central authority which can authorize or deny access, and exfiltrate any data needed to make this determination.  As such, while DRM components are forcibly enabled on Chrome, this browser is inherently unsafe from an IT perspective and, worse, makes the underlying system unsafe as well.

Comment 28 by, Feb 2 2017

Labels: -Pri-2 ReleaseBlock-Stable M-57 M-58 Pri-1
Thanks everyone for your feedback, it was both thoughtful and well reasoned.

We are exploring options to add a content setting (chrome://settings/content) to disable EME, in the space of Chrome 57.  We'll update this issue as we make progress.

Comment 29 by, Feb 2 2017


Comment 30 by, Feb 7 2017

Project Member
The following revision refers to this bug:

commit 45f66398546e5f402fb9768e05c1321893dbee6b
Author: tommycli <>
Date: Tue Feb 07 18:53:27 2017

MD Settings: Make Protected Content setting available to all platforms.

The Protected Content setting has been re-designed to toggle DRM on all
platforms. This makes the setting available on all platforms.

This also updates the string to the new text.

MD Settings equivalent to this patch:

BUG= 686430 

Cr-Commit-Position: refs/heads/master@{#448680}


Comment 31 by, Feb 8 2017

Project Member
The following revision refers to this bug:

commit af445fb0a75d6811c0a8991becd79986e996d647
Author: xhwang <>
Date: Wed Feb 08 02:03:56 2017

media: Add string for enabling protected content

This CL only adds the string to enable protected content. The string is copied from with modifications. Landing it first so it could be localized. The CL that uses it will come shortly.

BUG= 686430 

Cr-Commit-Position: refs/heads/master@{#448851}


Comment 32 by, Feb 8 2017

Labels: Merge-Request-57
Request to merge the strings in #31 to M57. UI and code changes will come shortly.

Comment 33 by, Feb 8 2017

Project Member
Labels: merge-merged-2987
The following revision refers to this bug:

commit 78241e1d0a6f8b216bef8652cd27465ddb0afa57
Author: Xiaohan Wang <>
Date: Wed Feb 08 02:10:04 2017

media: Add string for enabling protected content

This CL only adds the string to enable protected content. The string is copied from with modifications. Landing it first so it could be localized. The CL that uses it will come shortly.

BUG= 686430 

Cr-Commit-Position: refs/heads/master@{#448851}
(cherry picked from commit af445fb0a75d6811c0a8991becd79986e996d647)

Review-Url: .
Cr-Commit-Position: refs/branch-heads/2987@{#377}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}


Comment 34 by, Feb 8 2017

Blockedon: 689778

Comment 35 by, Feb 8 2017

Blockedon: 690077

Comment 36 by, Feb 8 2017

A friendly reminder that M57 Stable is launch is coming soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!

Comment 37 by, Feb 9 2017

Project Member
Labels: -Merge-Request-57 Hotlist-Merge-Approved Merge-Approved-57
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions.
Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop)

For more details visit - Your friendly Sheriffbot

Comment 38 by, Feb 9 2017

Cl @ comment #33 landed without approval but this is fine as per internal email discussion. Next time, please wait for approval. 

When do we expect UI and code changes to be landed on trunk? Please do not merge to M57 until change is well baked/verified in Canary. Thank you.

Comment 39 by, Feb 9 2017

non MD settings (needed for M57) changes have been confirmed across win/mac/cros on canary build 58.0.3007.0 (I did the testing, as did tommycli & xhwang).

Comment 40 by, Feb 9 2017

Thank you ericde@. Could you please merge non MD settings (needed for M57) change to M57 then? Thank you.

Comment 41 by, Feb 9 2017

over to tommycli@ to finish his merge - xhwang already merged his.

Comment 42 by, Feb 9 2017

Status: Fixed (was: Assigned)
It's merged! Thanks!

Comment 43 by, Feb 9 2017

Nothing else is pending for M57, correct? If yes, please remove "Merge-Approved-57" label. Thank you.

Comment 44 by, Feb 9 2017

Labels: -Merge-Approved-57 OS-Linux
I think we're good here.

Comment 45 by, Feb 13 2017

Thank you for the merge. Tracking bug for missing translation (bug 691731).

Comment 46 by, Feb 14 2017

Labels: TE-Verified-M58 TE-Verified-58.0.3012.0
Verified this issue on Windows 10, Ubuntu 14.04 and Mac 10.12.3 with chrome dev #58.0.3012.0.
As per comment #30, observed "Protected Content" under "chrome://md-settings/content"

Hence Adding TE-verified labels

Attaching the screencast for reference.
Issue 686430.mp4
590 KB View Download

Comment 47 by, Feb 15 2017

Labels: Needs-Feedback
Verified this issue on Windows 10, Ubuntu 14.04 and Mac 10.12.3 with chrome beta #57.0.2987.54 and didn't see any protected content setting under "chrome://md-settings/content"

Attaching the screen-cast for reference.

tommycli@ could you please look into it and let us know your observations.
Issue 686430-M57.mp4
1.2 MB View Download

Comment 48 by, Feb 15 2017

This is expected. In M57 the new setting is only available in the old settings page, not in the MD-settings.

Comment 49 by, Feb 15 2017

Labels: TE-Verified-57.0.2987.54 TE-Verified-M57
Verified this issue on Windows 10, Ubuntu 14.04 and Mac 10.12.3 with chrome beta #57.0.2987.54 and observed the protected content setting under "chrome://settings/content"

Attaching the screen-cast for reference.

Hence adding TE-verified labels.
Issue 686430 - M57.mp4
680 KB View Download

Comment 50 by, Feb 15 2017

Labels: -Needs-Feedback

Comment 51 Deleted

Comment 52 Deleted

Comment 53 Deleted

Comment 54 Deleted

Comment 55 Deleted

Comment 56 Deleted

Sign in to add a comment