Chrome 54 and Flash PPAPI distribution issue

Are there any updates to this issue?  We're currently sitting on 50,000+ computers that are not updating from 23.0.0.166 to 23.0.0.185.  Manually deleting the C:\Users\<userid>\AppData\Local\Google\Chrome\User Data\PepperFlash directory and relaunching Chrome updates Flash to 23.0.0.185, but it never updates on its own now that it isn't included in the Chrome 54 updater.  Going to chrome://components and clicking the 'Check for updates' button under Adobe Flash Player, I can see it download the update, but it never applies until the PepperFlash directory in each user's AppData is completely deleted.

Uninstalling/reinstalling Chrome does not remove this user data. 

Ultimately, this is an issue with Chrome.  It's their updater and distribution mechanism.  Effectively, we're just providing a DLL to Google.  The rest of it is Chrome.  We're relaying the complaints to Google, but a bug would be more effective in terms of facilitating tracking and follow-up, particularly if this is a pain-point for your organization.

I would highly recommend filing a Chrome bug with as much detail as possible:

https://bugs.chromium.org/p/chromium/issues/list

If you want to point me to the bug, I can make sure it gets on the radar.

I would recommend including a lot of detail about your environment -- how chrome is distributed in your organization, any administrative configurations that are non-default, special environmental considerations (remote user folders, etc.), effective permissions on the files under the problematic path, etc., so that the Chrome team can figure out what's unique about your environment and identify a better approach or workaround.

Wondering if you had any luck on the bug site Adobe suggested?  I looked but did not see a post from you.  I'm having the exact same issue but not on your scale...50,000 computers, thats a lot of unhappy people calling the IT department.  This post you made is the only thing I have found in my search for help on this issue except for one Google article that tells you how to manually update Flash but doesn't address what to do if it doesn't work.  I'm on a Mac, I would use your trick to manually delete the PepperFlash directory but I have no idea where it is on a Mac.  If anyone has some info on that it would be a big help!  Thanks for your post, at least I know it's not something I'm doing wrong.

To find where Chrome is loading the PPAPI plugin from do the following:

1. Launch Chrome
2. In the address field, enter chrome://plugins
3. In the upper right click the +Details button link to expand plugin details (if not already expanded)
4. Search for Adobe Flash Player
5. Look for the Location path entry

Since Google is now exclusively updating Flash Player via Component Updater, this should be the a location in the Users Library (e.g. Users/UserID/Library/Application Support/Google/Chrome/PepperFlash/23.0.0.185/PepperFlashPlayer.plugin)

If you don't see a bug for this issue at https://bugs.chromium.org/p/chromium/issues/list  please file the bug for it.

To my understanding, you shouldn't have to refresh the browser.  I'm not aware of a work-around and would recommend filing a bug with Google.

Hi amalhussein ,

As jeromiec83223024  states in comment #3 this is a Google issue, not Adobe.  We hand off the Flash Player to them and they are the ones that release to Chrome. We don't have any insight into their update mechanism. Here's a query for Flash Player bugs at bugs.chromium.org: Issues - chromium - An open-source project to help move the web forward. - Monorail   Based on the summary column, there does appear to be several bugs filed on this, or similar, issue.  Please review them and if one exists for your issue, add your comments, if not please file a new bug.

--

Maria

Thank you for the reply!  Unfortunately it appears that Flash is not installed at all, under location in plugins it states "internal-not-yet-present".  I will post a bug report with Google.  Thank you for the help!

In Chrome 54, Google no longer automatically installs Flash Player with a Chrome installation, or Chrome update and switched Flash Player installation to install using Component Updater.  Flash Player installation is delayed several minutes, or if the user goes to view Flash content, then Flash Player is downloaded immediately.  Sounds like this may not be happening, in which case, it would be a bug.  In the same browser you saw "internal-not-yet-present" what happens if you attempt to view Flash content?  It should download and install Flash immediately. If not, go to chrome://components and look for Adobe Flash Player and then click the 'Check for update' button.

Reference your question: "what happens if you attempt to view Flash content?" the browser shows the puzzle piece icon and says "Downloading" but I've left it over night and it never down loads.  I've also done the chrome://components download attempt and I get the same result, it never downloads. 

FYI, I did find a post on Google's bug site that was suggested by jeromiec83223024           ​ that detailed this issue.  That post may have been made by one of the posters on this thread.  I added my two cents on that bug post because everyone on it seemed to be on Windows platforms and I wanted them to know it is happening on Macs as well and on individual installs not just enterprise deployments.  Thanks for the reply and suggestions!

We had similar issues with Chrome 54 and flash player unable to load or plugin not found after we updated from chrome 53 to 54. We had inconsistent issues across the board where some computers with version 54 were working and some were not.

We then cross referenced the chrome version (chrome://version) and noticed the working computers had Flash version 23.0.0.205 and the non-working computers had Flash version 23.0.0.185. The next step we tried was to update the components in chrome (chrome://components), however, under Adobe Flash Player, it says the version is 0.0.0.0. We tried manually updating it by clicking the "Check for update" with no success. We also tried other methods by deleting the pepperflash directory and still failed to update. Uninstalled chrome 54 and reinstalled with no success.

We ran across another thread in google forum and someone complained about SEP (Symantec Enterprise Protection) so we temporarily disabled it and successfully updated the component to Flash version 23.0.0.205 and all is well on our end. I hope this helps other who are having similar issue.

Thank you katolunfadable! In our environment, I was not able to get this to work with SEP temporarily disabled. But it did work with SEP fully uninstalled!

I will be working with our SEP admin to open a case with Symantec.

Oh, that's a good call.  I usually mention A/V products when talking to consumers installation problems, but it rarely comes up in enterprise scenarios.

If Symantec engineering needs any information from us to help resolve this at a more generic level, please send them my way.  Feel free to shoot me a direct message through the forums with contact info (just cilck my name), and I'm always happy to get a conversation going.  We work fairly closely with the A/V industry to avoid installation issues (Flash has a *huge* deploy base, so updates trip all kind of alarms otherwise as new binaries proliferate quickly across massive amounts of their user-base, similar to what a new worm might look like...).

I'm not aware of a generic issue with any of the mainstream A/V vendors at this point, but we're always more than happy to help on those fronts.

Below is Symantec's response to the case we opened:

After reviewing this case and the available data (primarily the provided WPP logs) I have found that this is a known-issue with the SEP 12.1 and SEP 14 products. SEP is attempting to obtain a hash of the Adobe Flash Player file 'pepflashplayer.dll'; however, during the hash operation, Chrome is attempting to move the file from a temporary folder (where SEP is performing the hash) to Chrome's plugin folder; since SEP has a lock on the file, Chrome's move operation fails and the plugin update process aborts.

Symantec has identified a fix for this issue and is planning on including a resolution in the next release of SEP 12.1 and SEP 14, both due out early next year.

It is possible to work around this issue by disabling deferred scanning for AutoProtect; however, this is not generally recommended in production unless absolutely needed, as it disables scan throttling based on I/O activity.

For more information on disabling deferred scanning, please see the following KB document:

How to disable deferred scanning in Auto-Protect for Symantec Endpoint Protection
https://support.symantec.com/en_US/article.TECH224108.html

It is also possible to work around the issue by temporarily disabling SEP; however, this is a potential security issue, as you will be temporarily disabling the product from being able to scan files.

Here is the latest update from Symantec:

"I'm still monitoring our internal defect tracking system for updates. After discussion with our engineering release team, it has been determined that Symantec Endpoint Protection 12.1 will not contain a fix for this issue. The fix will only be available in SEP 14.0 MP1, which will be released later this month (February, 2017). It will be a full build and will follow the normal migration process for SEP (unchanged on the client side in 14.0 compared to 12.1). The fix cannot be delivered via LiveUpdate.

I'm continuing to watch for updates as they become available from development and will let you know once SEP 14.0 MP1 is available."

Thanks for the details JDEPA.

We have also ran into the same issues as well.

After removing components of SEP and doing a whole bunch of tests, Symantec still has not gotten back to us.

The only work around at the moment is still stop SEP and do the check update and then enable SEP again, which only works per user as its contained in each users Chrome folder.

Still considering the PPAPI contained Flash installer as an alternative but really do not want to manage another plugin installer.

Any updates from Symantec?

We gave up on SEP/Chrome Adobe Flash Player issue and went to the PPAPI route. We use to install standalone Flash Player Active X and NPAPI plugins only on our computers but after this reoccurring issue with SEP blocking the Chrome components to update the flash player - the PPAPI route seems to resolve it so far. We pushed out standalone Flash Player version 24.0.0.194 (ActiveX, NPAPI, and PPAPI) (configured for automatic updates) and I recently checked a few machines and all were able to update to 24.0.0.221.

For what it's worth, in the wake of installation problems related to the change to Chrome's update mechanism, Google modified Chrome to defer to Adobe's PPAPI installation, where it's present.  There are a number of reasons that Chrome's component updater may fail in specific enterprise environments, and using our installers to support Chrome is definitely now a requirement for some organizations.

We do provide PPAPI packages for system administrators as part of our redistribution program.  If you're already deploying for ActiveX and NPAPI, it's more stuff to manage, but most likely an incremental cost vs. a large undertaking for an entirely new installation workflow.