My favorites | Sign in
Project Home Downloads Wiki Issues Code Search
New issue   Search
  Advanced search   Search tips   Subscriptions
Issue 137388: Chrome:plugins reports latest java is out of date
96 people starred this issue and may be notified of changes. Back to list
Reported by, Jul 14, 2012
Chrome Version       : 21.0.1180.41
OS Version: 
URLs (if applicable) :
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5: N/A
  Firefox 14.x: OK
     IE 7/8/9: N/A

What steps will reproduce the problem?
1.Install google chrome 21 beta
2.Install oracle java 7 update 5

What is the expected result?
Java works and is not blocked for being out of date, since this is the latest version of java.

What happens instead?
When running a java applet chrome blocks it saying its out of date. chrome:plugins says it needs a "critical security update", which makes no sense as I am fully updates.

Please provide any additional information below. Attach a screenshot if

UserAgentString: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.41 Safari/537.1

This works fine in chrome stable 20, java is not reported out of date here. I've been able to replicate this in chrome 21 beta with clean install/new profile.

Running latest java:
brandon@brandon-U52F:~$ java -version
java version "1.7.0_05"
Java(TM) SE Runtime Environment (build 1.7.0_05-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.1-b03, mixed mode)

Chrome:plugins screenshot:

Screenshot from 2012-07-14 15:41:00.png
170 KB   View   Download
Jul 17, 2012
I'm able to reproduce the issue on Chrome21.0.1180.48, 22.0.1209.0/ Ubuntu10.04(64bit)
Status: Untriaged
Labels: -Area-Undefined Feature-Plugins
Jul 19, 2012
The latest java is actually 1.7.0_05-b06 (not -b05: but even then Chrome thinks it's out-of-date.
Jul 19, 2012
Btw. using 22.0.1207.1 (dev).
Jul 19, 2012
I'm seeing this in chromium 22.0.1212.0 (build 147430) with java 1.7.0_05-b05. apparently doesn't detect the build number after the hyphen and said I was running the latest version. 

After downloading the latest full Windows installer for java, it complained that I already had java installed and asked if I wanted to install it again anyway. I did. After installing with the latest download, java self reports as version 1.7.0_05-b06. reported both -b05 and -b06 as: "Congratulations! You have the recommended Java installed (Version 7 Update 5)."

about:plugins reports both -b05 and -b06 as needing an update. It is reporting that I'm running Java (for -b06; for -b05) and put the numbers in read with text that said "Download Critical Security Update." This is based on the version that both C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll and C:\WINDOWS\system32\npDeployJava1.dll self report.

Is the plugin version checker hardcoded to look for specific versions? I.e. 6.x or 7.x instead of the 10.x that the 2 files are reporting?

I don't remember seeing this a week or so ago. 
Jul 19, 2012
I meant to include that I see this on Windows XP.
Jul 19, 2012
Well that's interesting. On Windows 7 with both -b05 and -b06 I saw no update notification at all. And it's reporting "" (for both) in chrome://plugins - not "".
Jul 19, 2012
diblidabliduu: Do you have the 32-bit or 64-bit java installed? I have the 32-bit version. 
Jul 20, 2012
32, yeah
Jul 20, 2012
I think this is a dup of  issue 133621 
Jul 21, 2012
Hm, it seems we're not recognizing the version number?
Status: Assigned
Jul 21, 2012
 Issue 124172  has been merged into this issue.
Jul 22, 2012
Isn't the problem here just that the JRE plugin is reporting itself as "" on Win 7 and "1.7.0_05" on Arch (Linux)?

So if Chrome uses the same number for both, then of course it's gonna report the Linux plugin to be out of date.
Aug 3, 2012
I can see this on two different Windows 7 x64 computers too.

In both cases I have the absolute latest Java 1.7 (tried with JDK and JRE, same thing).

In both cases I run the latest dev Chrome (22.0.1221.0 dev-m at the moment).

Going to about:plugins does show something weird: Java version is reported as
Aug 3, 2012
I'm not sure if it is arch related.

Linux x64 (openSUSE 12.1) / Chromium 22.0.1190.0 (144885) / Java x64 1.7 u5 (latest version available at

Java version is reported as 1.7.0_05 at about:plugins, but Chromium report my plugin as out of date.
Aug 4, 2012
Issue is present with latest stable version as well Chrome 21.0.1180.60 m on Windows 7 x64 SP1.
Going to chrome://plugins says 
Java (2 files) - Version: Download Critical Security Update
Next Generation Java Plug-in 10.5.0 for Mozilla browsers

This is the latest version of Java 1.7.05. 

Uninstalling Java and reinstalling doesn't fix the issue.
Aug 6, 2012

Java - Version: 1.7.0_05 Download Critical Security Update
Java plug-in for NPAPI-based browsers.
Name:	Java(TM) Plug-in 1.7.0_05
Description:	Java plug-in for NPAPI-based browsers.
Version:	1.7.0_05
Location:	/opt/java/64/jre1.7.0_05/lib/amd64/

Above line appears in chrome:plugins 
running Opensuse 12.1
Chromium Version 22.0.1190.0 (144885)

Replication: constant / all java web applets

Even with the 'Run Always' option ticked in chrome:plugins the version is reported constantly as blocked and out of date.

No amount of removing / re-installing / different version etc fixes this issue.
Aug 7, 2012
It turns out that (at least here, on Linux) Chrome does not detect Java 6 Update 33 as outdated, which reports 1.6.0_33, while 1.7.0_05 is considered outdated. Maybe that helps.
Aug 7, 2012
Same problem here, 1.7.0_05 x64 (Java SE 7 update 05) reported as out-of-date.

Java - Version: 1.7.0_05
Java plug-in for NPAPI-based browsers.
Name:	Java(TM) Plug-in 1.7.0_05
Description:	Java plug-in for NPAPI-based browsers.
Version:	1.7.0_05
Location:	/usr/local/jdk1.7.0_05/jre/lib/amd64/

Aug 8, 2012
KUbuntu 12.04 getting:

Java - Version: 1.7.0_05 Download Critical Security Update

I also tested it with the JDK 1.7.0._03 and got the same error message.
Glad I found this because I thought I was doing something wrong and have re-installed the JRE and Chrome about 5 times this evening.

Chrome Version 21.0.1180.75

You can go to the Java website and run the test and it verifies that you have the latest version, but only after you tell Chrome to allow plugin to "run this time".
Aug 9, 2012
Same problem here on Chrome Beta 64-bit on Ubuntu 12.04, with the latest Java 7 version 5 installed (all updated to the latest versions as of this morning).
Aug 9, 2012
 Issue 141070  has been merged into this issue.
Aug 13, 2012
I have the same crap on a completely fresh install of Windows 7 SP1 x64, Chrome version 21.0.1180.77 m

Java (2 files) - Verze: Stáhnout důležitou aktualizaci zabezpečení
Next Generation Java Plug-in 10.5.0 for Mozilla browsers
Jméno:	Java(TM) Platform SE 7 U5
Popis:	Next Generation Java Plug-in 10.5.0 for Mozilla browsers
Umístění:	C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

Please, disable these broken checks if you cannot get them right.
Aug 17, 2012
Same problem: Chrome 21.0.1180.79, Java Plug-in, WIndows 7 Pro x64 SP1. Java site insists Jave plug-in is up to date; Chrome insists it's not (and about:plugins says "Download Critical Security Update" for the Java plug-in).
Aug 17, 2012
Addendum: I do not have JavaFX installed. The only Java software I have is Java 7 Update 5.
Aug 17, 2012
#26: Not having JavaFX installed was the actual reason for me having these problems in the first place. It seems to be part of at least some, however not all, Java installation packages. See #12 in  Issue 133621 .
Aug 18, 2012
Issue is resolved by installing the now, latest Java 1.7.06.
Going to chrome://plugins says 
Java (2 files) - Version:
Next Generation Java Plug-in 10.6.2 for Mozilla browsers
Aug 20, 2012
The same issue still at least in Ubuntu for 1.7.0_08

Java Download Critical Security Update
Java plug-in for NPAPI-based browsers.
Name:	Java Plug-in 1.7.0_08
Description:	Java plug-in for NPAPI-based browsers.

Aug 22, 2012
Still happening with latest stable Chrome(21.0.1180.81) and latest Java (1.7.0_06)

Java - Version: 1.7.0_06 Download Critical Security Update
Java plug-in for NPAPI-based browsers.
Name:	Java(TM) Plug-in 1.7.0_06
Description:	Java plug-in for NPAPI-based browsers.
Version:	1.7.0_06
Location:	/usr/lib/jvm/java-7-oracle/jre/lib/amd64/

Aug 22, 2012
If you want to bicker with other users, find a forum somewhere; our bug system is not the place.

I'm deleting all the pointless comments here, and if they continue I'm going to lock the bug against future comments.
Aug 22, 2012
i dont have this problem at all on my windows machine with chrome 21/java7 (and I don't even have javafx installed)
Aug 22, 2012
+cevans; is this related to the IcedTea version issues?
Aug 22, 2012
Hey, guys

I found how to fix this one. In src/chrome/browser/resources/plugin_metadata/plugins_linux.json latest java version is specified as By version comparison rules is greater than 1.7.0_05 and 1.7.0_06, so browser thinks that plugin is out of date. Just addding 1.7.0_06 to this file fixes the problem.
Aug 22, 2012
This is actually fixed in; for some reason bugdroid didn't pick it up yet.

For the commenters here, please note that it will take a while before the fix will appear on stable. Also, if you're experiencing this on Windows, it's most likely  issue 133621 ; they're completely separate.
Status: Fixed
Aug 24, 2012
@bauerb: if the fix is safe, I can merge it to stable sooner ;-)
For now, marking as merge to M22.
Labels: Mstone-22 Merge-Approved
Aug 28, 2012
Did this happen?  If it's not following the security flow, please send these to me for approval.
Status: Started
Aug 28, 2012
Requesting merge!
Status: FixUnreleased
Labels: -Merge-Approved Merge-Requested
Aug 28, 2012
Many thanks :)
Labels: -Merge-Requested Merge-Approved
Sep 2, 2012
icedtea plugin out of date error on lubuntu running chrome - not fixed by recent updates.
Sep 2, 2012
You'll need to state the version of Chrome.
Sep 5, 2012
I have just installed Oracle Java 1.7.0_07 64bit on Manjaro Linux and have the same error. Java detected as out of date on Chromium, runs normally on Firefox. 
Sep 5, 2012
Edit. Chromium Version 21.0.1180.89 (154005)
Sep 5, 2012
r155043 for Chrome M22 beta.
Labels: -Merge-Approved Merge-Merged
Sep 6, 2012
This is fixed in the current unstable update.  v23.  yum install google-chrome-unstable
Sep 20, 2012
I'm running Google Chrome Version 21.0.1180.89 and Java java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10) and I'm getting the same error message.  Chrome://plugins reports

Java - Version: 1.7.0_07 Download Critical Security Update
Java plug-in for NPAPI-based browsers.
Sep 20, 2012
This is fixed in versions 22 and up. Version 21 doesn't have the fix yet.
Sep 20, 2012
Good, but where can I get versions other than 21?  I just re-downloaded the latest debian package and I still get 21.
Sep 20, 2012
For version 22 you need to use the beta channel:
Sep 20, 2012
Many thanks for the quick response.  Any ideas on when the fix will be rolled into the production version or when will 22 come out as stable?
Sep 25, 2012
Seems to be fixed in 22.0.1229.79.
Sep 25, 2012
@timppis: thanks for checking in to confirm! Sorry for any inconvenience.
Status: Fixed
Nov 24, 2012
I'm still getting the error in Version 23.0.1271.64...

can anybody please check and let me know, if the issue has actually been solved. I'm getting the error on

other details: os: windows 7, 64 bit architecture, 4 gb ram if they are useful.
Nov 24, 2012
#62: You only get the error on that site? What does it say on chrome://plugins then?

I tried couple of random games, no error from Chrome itself but the games didn't actually work (23.0.1271.64, Java 1.7.0_09). This sounds more like a problem with the Java version(s)?
Nov 27, 2012
I also have the java plug in problem. Tried all suggestions without a fix.
On about/plugins Java doesn't even show! Yet when I try a reinstall Java reports the latest version IS installed.

Dec 1, 2012
IcedTea - Version: 1.3.1
Chromium 23.0.1271.95 
3.6.8-1-ARCH #1 SMP PREEMPT Mon Nov 26 22:10:40 CET 2012 x86_64 GNU/Linux

Chromium reports icedtea to "Download Critical Security Update" 
how can I fix this ?

Dec 2, 2012
The below is an edited "chrome://plugins" 
Error caused by "Version" having a bracket? 
or the naming of jpi-version=1.7.0_50 - being "_50" like some above said? 
either way could someone please confirm how I can manually change/edit to remove the ")"
IcedTea - Version: 1.3.1) Download Critical Security Update (Disabled)
Name:	IcedTea-Web Plugin (using IcedTea-Web 1.3.1)
Version:	1.3.1)
Location:	/usr/lib/jvm/java-7-openjdk/lib/
application/x-java-applet;jpi-version=1.7.0_50	IcedTea	
1.9 KB   View   Download
Dec 8, 2012
per the above comments:
Comment 42 by, Aug 22, 2012
Hey, guys

I found how to fix this one. In src/chrome/browser/resources/plugin_metadata/plugins_linux.json latest java version is specified as By version comparison rules is greater than 1.7.0_05 and 1.7.0_06, so browser thinks that plugin is out of date. Just addding 1.7.0_06 to this file fixes the problem.
Comment 43 by, Aug 22, 2012
This is actually fixed in; for some reason bugdroid didn't pick it up yet.

For the commenters here, please note that it will take a while before the fix will appear on stable. Also, if you're experiencing this on Windows, it's most likely   issue 133621  ; they're completely separate.

Can anyone give clear and complete instructions for a manual fix to this issue? I would appreciate it very much.
Dec 20, 2012
Hi everyone,

as there are Windows mentioned here as well, there is a solution that helped me: 

* Disable the Java plugin in Chrome and close Chrome. 
* Uninstall all Java from computer (aka Control Panel -> Remove applications -> anything Java-like -> uninstall). 
* Download latest installer of Java (not for Chrome, for all Windows).
* Once it's installed, at plugins page in Chrome, there should be correct Java version now. 

* It sometimes happens, that visiting a page shows (again) notice about update requirement, however, now the update processes correctly (You are asked to re-install Java once You download chromeinstall*.exe and run it, so do it). After the update, Chrome needs to be restarted one more times, then everything works...
Mar 10, 2013
(No comment was entered for this change.)
Labels: -Feature-Plugins -Mstone-22 M-22 Cr-Content-Plugins
Apr 5, 2013
(No comment was entered for this change.)
Labels: Cr-Blink
Apr 5, 2013
(No comment was entered for this change.)
Labels: -Cr-Content-Plugins Cr-Internals-Plugins
Apr 26, 2013
Still a problem on Google Chrome 26.0.1410.63.
Apr 26, 2013
Same here. Chrome 26.0.1410.63, Java Plug-in 1.7.0_21.
Apr 28, 2013
I too have this problem...about time to fix this? Bug was issued july 2012...
Chromium 25.0.1364.160, Java Plug-in 1.7.0_21

Apr 29, 2013
#75 vkudak
Chrome 26.0.1410.63
java 1.7.0_21 
Plugin out of date.
OS Linux x64
Apr 29, 2013
Could someone who still has this issue go to chrome://plugins, make sure "Details" on the top right is expanded, save the page as HTML and attach it here? Thanks!
Apr 29, 2013
here you go

238 KB   View   Download
Apr 29, 2013
Interesting... it seems Java doesn't expose its version number in the description anymore. We might need to parse it from the name instead.
Apr 29, 2013
(No comment was entered for this change.)
Status: Assigned
Apr 29, 2013
I am running 64bit chrome dev on ubuntu 12.04 amd64.
chrome version: 28.0.1485.0 dev
java plugin: 1.7.0_21 (64bit)

All was working until the most recent version of chrome dev update.
Let me know if I can provide any details. I have attached my plug-ins.html file as well.

237 KB   View   Download
May 1, 2013
 Issue 237152  has been merged into this issue.
May 2, 2013
Just to say I am also on ubuntu 12.04 amd64 and have the exact same problem.  I was on the precise stable version 25, and then tried 27.0.1453.6 Ubuntu 12.04 (191032).

I tried re-installing java 21 to no avail.  I also have a Linux Mint Debian system that has the same fault with another version of Chromium.

May 4, 2013
Wondering how many more years and bugs filed will it take to drop this stupid kind of checks.

May 4, 2013
#83: This kind of "stupid" check will stay for as long as Java stays as one of the biggest security vulnerabilities.
May 7, 2013
 Issue 234646  has been merged into this issue.
May 8, 2013
Not sure it it's related, but on a side note to comment #78 that "Java doesn't expose its version number in the description anymore", I can mention that when building with "oab-java" from (which is a wrapper around the debian packaging scripts from, there will now be a bunch of warnings in the log like this:

dpkg-shlibdeps: warning: Can't extract name and version from library name `'

The warnings arise from both java 6 and 7 builds...  I attached the build part of a log if anyone are interested in the details...
49.5 KB   View   Download
May 14, 2013
When I start using a console, the following is printed while starting to run the plugin.

ERROR: Didn't find JVM under /home/user/.mozilla/plugins
/chrome/chrome --type=plugin --plugin-path=/home/user/.mozilla/plugins/ --lang=en-US --channel=17634.107.2049869839: ../../../../src/plugin/solaris/plugin2/common/JavaVM.c:170: InitializeJVM: Assertion `foundJVM' failed.
[69:69:0503/] PluginMsg_Init returned false
[69:69:0503/] Couldn't initialize plug-in

about:plugins states the following information:

Java(TM) Download Critical Security Update
Java plug-in for NPAPI-based browsers.
Name:	Java Plug-in 1.7.0_21
Description:	Java plug-in for NPAPI-based browsers.
Location:	/home/user/.mozilla/plugins/
MIME types:	
MIME type	Description	File extensions
application/x-java-vm	Java™ Plug-in	
application/x-java-applet	Java™ Plug-in Applet	
application/x-java-bean	Java™ Plug-in JavaBeans	
application/x-java-applet;version=1.1	Java™ Plug-in	
application/x-java-bean;version=1.1	Java™ Plug-in	
application/x-java-applet;version=1.1.1	Java™ Plug-in	
application/x-java-bean;version=1.1.1	Java™ Plug-in	
application/x-java-applet;version=1.1.2	Java™ Plug-in	
application/x-java-bean;version=1.1.2	Java™ Plug-in	
application/x-java-applet;version=1.1.3	Java™ Plug-in	
application/x-java-bean;version=1.1.3	Java™ Plug-in	
application/x-java-applet;version=1.2	Java™ Plug-in	
application/x-java-bean;version=1.2	Java™ Plug-in	
application/x-java-applet;version=1.2.1	Java™ Plug-in	
application/x-java-bean;version=1.2.1	Java™ Plug-in	
application/x-java-applet;version=1.2.2	Java™ Plug-in	
application/x-java-bean;version=1.2.2	Java™ Plug-in	
application/x-java-applet;version=1.3	Java™ Plug-in	
application/x-java-bean;version=1.3	Java™ Plug-in	
application/x-java-applet;version=1.3.1	Java™ Plug-in	
application/x-java-bean;version=1.3.1	Java™ Plug-in	
application/x-java-applet;version=1.4	Java™ Plug-in	
application/x-java-bean;version=1.4	Java™ Plug-in	
application/x-java-applet;version=1.4.1	Java™ Plug-in	
application/x-java-bean;version=1.4.1	Java™ Plug-in	
application/x-java-applet;version=1.4.2	Java™ Plug-in	
application/x-java-bean;version=1.4.2	Java™ Plug-in	
application/x-java-applet;version=1.5	Java™ Plug-in	
application/x-java-bean;version=1.5	Java™ Plug-in	
application/x-java-applet;version=1.6	Java™ Plug-in	
application/x-java-bean;version=1.6	Java™ Plug-in	
application/x-java-applet;version=1.7	Java™ Plug-in	
application/x-java-bean;version=1.7	Java™ Plug-in	
application/x-java-applet;jpi-version=1.7.0_21	Java™ Plug-in	
application/x-java-bean;jpi-version=1.7.0_21	Java™ Plug-in	
application/x-java-applet;deploy=10.21.2	Java™ Plug-in	
application/x-java-vm-npruntime	Java™ Plug-in	

Version is: 

Google Chrome	28.0.1500.11 (Official Build 199640) dev
OS	Linux 
Blink	537.36 (@149738)
JavaScript	V8
Flash	11.7.700.202
User Agent	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.11 Safari/537.36
Command Line	 /usr/bin/google-chrome --flag-switches-begin --enable-sync-favicons --sync-keystore-encryption --flag-switches-end
Executable Path	/opt/google/chrome/google-chrome
Profile Path	/home/user/.config/google-chrome/Default

May 14, 2013
I'm on the dev channel, same deal...

However, I get mixed results here;

17.9 KB   View   Download
10.0 KB   View   Download
3.5 KB   View   Download
May 14, 2013
Should note that I'm certain I have the latest Java installed for Chrome...
May 14, 2013
... Closed Chrome running in the system tray, reinstalled chromeinstall-7u21.exe, problem solved. :\
May 21, 2013
Today upgraded to Chrome Stable Version 27.0.1453.93 on Ubuntu 13.04 with Java Java Plug-in 1.7.0_21, and the problem is still present. Reading through the comments I can not figure out if a fix should appear in V27 or V28 of chromium/chrome.

Just for context. My bank uses Java applications for authentication. As it is right now I can only use my private banking with Firefox and to get my company pages to load, I need to reboot in to Windows. Please let me know if I can be of assistance to close this issue asap
242 KB   View   Download
May 22, 2013
@91: For sure not in yet V27 of Chrome. I'm also still getting it, but that's no surprise since nobody has said it is fixed yet? (27.0.1453.93, Java 1.7.0_21)

What comes to your bank and not being able to use it: don't you get the "Run this time" notification?
May 22, 2013
I interpreted #76, #78 and #79 as if bauerb@ was working on a fix and #80 as if something had happened in V28. My posting was more a sign of my frustration that I had just received stable V.27 and I would have to wait a couple of months for next stable release. Apologies. I like chrome and chromium and voted for chromium to become the standard browser of Ubuntu.

As for my bank, it is a two-step verification process and "Run this time" works to get the process started but when the second step is executed the dialog comes up and I click "Run this time", the break is interpreted as I try to tamper with the process and hence fails. 
May 22, 2013
There are two different issues here: The first is that an up-to-date version of Java is considered out of date, which makes Chrome warn about it every time (for an up-to-date version, you can choose to allow it always on a given site). For this there a some workarounds besides "Run this time" (start Chrome with --allow-outdated-plugins, for example).

The other issue is that Java immediately crashes upon starting, which can look like the first issue (they show similar placeholders, and in particular people can run into both at the same time, where they first get an infobar, then they run Java and it immediately crashes). That may have been caused by a recent regression that has been fixed already (in r199158).
May 27, 2013
Java does not crash anymore with "Google Chrome 29.0.1516.3 (Official Build 201887) dev".

It remains that the plugin is falsely considered as "out of date".
Jun 1, 2013
The same problem with 26.0.1410.65 Mageia.Org 3 (193261) and java version "1.7.0_21". 
I just hope the fix will come soon.

Jun 6, 2013
#97 jesper.reenberg
I'm also still told that my 7u21 is out of date and needs updating.

My chrome:plugins report:

   Navn:	Java Plug-in 1.7.0_21
   Beskrivelse:	Java plug-in for NPAPI-based browsers.
   Mappeplacering:	/usr/lib/jvm/java-7-oracle/jre/lib/i386/

And according to, i have "Version: Java SE 7 Update 21" and it says "latest java installed" with a big fat green check mark. 

As per, the plugins_linux.json file has java marked as requires_authorization even though it is the newest as of this writing. 

I'm running Chromium 25.0.1364.160 Ubuntu 12.04, so don't know how much of still applies to my. However it still seems that the plugins_linux.json file should be update to acknowledge 7u21 as up_to_date? 
Jun 7, 2013
This is nothing to do with the json file. The version of your plugin is blank, as shown in chrome:plugins. Oracle appear to have left the version number out, so our code doesn't identify it as being The code needs to be changed to try and read the version number out of the name, or similar.

requires_authorization is the right flag for the latest java plugin, because we don't allow java to run by default even if it's up to date.
Jun 19, 2013
in which specific file is Chrome reading the Java version number ?
Jun 19, 2013
It's not reading it from any file; it's calling a function exported by the plugin itself to ask the plugin what its own version number is, and the plugin isn't returning a valid answer.
Jun 19, 2013
@torne, which function? Is there a bug opened for it in the Java side?
Jun 19, 2013
I have submitted a Bug report to Java:

Report (Bug ID: 9004023 ) - Chrome:plugins reports latest java is out of date

In a large dose of irony I could not search the bug database because... Yep, it's run on java...

>Dear Java Developer,
>Thank you for reporting this issue.
>We have determined that this report is a new bug and have entered the bug into our >bug tracking system under Bug Id: 9004023. You can look for related issues on the >Java Bug Database at
>We will try to process all newly posted bugs in a timely manner, but we make no >promises about the amount of time in which a bug will be fixed. If you just reported >a bug that could have a major impact on your project, consider using one of the >technical support offerings available at Oracle Support.
>Java Developer Support
Jul 4, 2013
Bug 9004023 still doesn't show up on Oracle's bug database, maybe it just hasn't been reviewed yet.

Since things seem to be slow on Java side, is there any chance this will be resolved by Chrome (eg. by parsing the name instead of the description, as suggested by comment #78)?
Jul 9, 2013
I don't see this as a Java-specific issue nearly as much as a difference of opinion over whose computer it is and who gets to decide what will and will not run.

Create the file /etc/opt/chrome/policies/managed/itsmycomputer.json (or, /etc/chromium/policies/managed/itsmycomputer.json for chromium) and add:

	"AllowOutdatedPlugins" : true

to the file and restart chrome. You can type chrome://policy in the address bar to see that it has taken effect.
Jul 12, 2013
This useless crappy check which gets broken about every other Java release and takes weeks to "fix" gets beyond ridiculous. And yeah, absolutely. What people run on their computers is their own business.
Jul 12, 2013
#104: isn't this a little too dangerous? One thing would be to whitelist Java only (even this wouldn't be advisable IMHO), but simply disable the check for all plugins seems too risky.

And, yes, it sucks that Oracle changed this out of the blue, but I would guess this (having the version id on the description field) is not a standard. Even Chrome's own plugins don't follow it (eg. PDF viewer and remote desktop viewer). So, AFAICS it could break anytime, with any plugin.

(I'm not defending Java, just saying this mechanism seems to be inherently weak).

What I don't get is why the "Version" field isn't used by almost any plugin... Here on my installation only "Widevine Content Decryption Module" and Flash player correctly expose their version numbers through the "version" field :-P
Jul 12, 2013
#106: Maybe. But it should be YOU making that decision. For me, since I don't think any of the Java exploits affected Linux, I don't care. For a corporate environment where IT automatically rolls out updated plugins, maybe, maybe not.

The point is that "I don't care what you want -- I won't let you" or "I'll let you THIS time only, but don't try it again" is not an acceptible (to me) way to write software (part of the reason I have Android tablets instead of the ones that only let me run "approved" apps).

Of course, a better way to handle this might be to have an additional setting per plugin in chrome://plugins to allow certain ones you know to be up to date that are failing the test, but given the choice between being held hostage to a brain-farted safety check or turning the thing off, I chose the latter.

And you should make the choice for yourself.
Jul 12, 2013

One year after, the same wrong report is here in my Ubuntu 12.04, says "You have the recommended Java installed (Version 7 Update 25)",
Firefox don't complain,
but Chromium 28.0.1500.52 says "Java(TM) was blocked because it is out of date",
chrome://plugins/ shows Java Plug-in 1.7.0_25, but asks for a security update of the plugin.
I uninstalled and reinstalled everything, and nothing happens.

No solution yet?

Jul 22, 2013
Xubuntu 12.04, chrome 28.0.1500.71 stable, still seeing the issue (out of date only);
Aug 1, 2013
I've also got the out-of-date issue.
Ubuntu 12.04 with Chrome Version 28.0.1500.95 stable
Aug 1, 2013
FWIW yesterday I ran into this issue on my Slackware 14 box running Java 1.7.0_25.  I updated to the latest stable and nothing, then I updated to the developer version of Chrome and altough I still got the message at least I was given the option to still run the applet.
Aug 6, 2013
Same here, Chrome google-chrome-stable-27.0.1453.110-202711.x86_64
java: jre-1.7.0_25-fcs.x86_64 (latest RPM)
Aug 11, 2013
Same problem

Chromium Versione 28.0.1500.71 Ubuntu 12.04 (28.0.1500.71-0ubuntu1.12.04.1)

java -version
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) Client VM (build 23.25-b01, mixed mode)

Schermata del 2013-08-11 18:47:36.png
88.8 KB   View   Download
Aug 22, 2013
Same issue here
Chromium Version 28.0.1500.95 Debian 7.1 (213514)

java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)

Seems nobody cares more about it after its birthday.
Aug 23, 2013
Just a bump on this issue to inform that after update to Chrome 29.0.1547.57 on Ubuntu 13.04 with Java 7v25 the issue unfortunately remains.
Aug 23, 2013
Dear devs, which part of "your check is totally broken" is so hard to get? Until you figure a working one (which you miserably failed to do for over a year), kindly drop the check altogether, because it serves absolutely no useful purpose, just pissing people off. Ridiculous.
Aug 23, 2013
It actually hasn't been broken for over a year; this bug has been reused for a completely different issue to the original reason it was opened. The original problem was us not parsing the version correctly, and was fixed >6 months ago; unfortunately, some time after that Oracle removed the version field from their Java plugin entirely which broke it again.

There is no need for anyone to add comments here saying that they still have the problem: the bug is still open, we know it's still a problem. If you want to keep track of whether this has been fixed, please star the bug to receive updates.
Aug 23, 2013
Hi Torne,

I'm glad that chromium developer are responding to this. Since there is absolutely no way to check if a plug-in is outdated, why not just skip the checking. Something like if "version" info is not available, it must be pretty updated (because adobe changed it quite recently) isn't it? I believe it is not hard to do and it saves a lot of hassle especially for those who are very eager to access their bank record or oracle bug database.

Just my 10 cents.
Aug 23, 2013
There *is* a way to check if the plugin is outdated, we need to parse the version number out of the plugin's name field instead, and no, we can't assume that anything with a blank version field is up to date, because they've released more than one version of Java with a blank version and all but the latest are now out of date.

If you want to bypass the check until this is fixed you can run Chrome with --allow-outdated-versions.
Aug 23, 2013
Well, if there is an option --allow-outdated-java-plugins, that makes more
sense. Simply ignore all outdated warning just because of one plugin sounds
not very neat.
Aug 23, 2013
But this option exists on Chrome. 

Go to Settings, click on "Show advanced setting", under Privacy click on Content Settings, under Plugins click on "Disable individual plugins", then on Java click on "always allowed".

Just be aware that this is an incredible security risk.

For the same reason, they cannot allow unchecked versions to run automatically.
Aug 23, 2013
Thanks for pointing out. I spent 5 mins to get to the plug-in setting.
Didn't realize this security related feature is under "Privacy". Well..
Aug 23, 2013
Technically, it isn't, the "disable individual plugins" is just a shortcut to chrome://plugins, which you can access directly. BTW I had never noticed the "always allowed" checkbox on that page, thks for pointing that out (even though I don't intend to use it ;-))
Aug 23, 2013
"Just be aware that this is an incredible security risk. For the same reason, they cannot allow unchecked versions to run automatically."

Uhm... I guess I've heard this before. 

"If you think your users are idiots, only idiots will use it." © Linus Torvalds. 
Aug 28, 2013
 Issue 278031  has been merged into this issue.
Sep 11, 2013
Java 7 Update 40 is not being reported as out of date (Chrome 29.0.1547.65 (Official Build 220622, Ubuntu 13.04)


Java(TM) (3 files) - Version: 10.40.2
Next Generation Java Plug-in 10.40.2 for Mozilla browsers
Name:	Java(TM) Plug-in 10.40.2
Description:	Next Generation Java Plug-in 10.40.2 for Mozilla browsers
Version:	10.40.2
Location:	/usr/lib/jvm/java-7-oracle/jre/lib/amd64/

Version field is no longer blank.

Sep 11, 2013
I confirm Java 7 update 40 is now not reported as being out of date on Ubuntu 12.04 64 bit.  

Chromium Version "28.0.1500.71 Ubuntu 12.04 (28.0.1500.71-0ubuntu1.12.04.1)"
Sep 11, 2013
Updated and tested on
Working fine.

Can anyone close this issue as no more reproducible?
Sep 11, 2013
Yay! Thanks for your patience, guys :)
Status: WontFix
Jan 18, 2014
Fedora 3.12.7-200.fc19.x86_64
Chrome Version 32.0.1700.77
jre1.7.0_51  (latest version)

Chrome reports plugin out of date and refuses to run the javascript from that allows you to play through a game.  Does not even ask 
if you want to run it despite the risk.

Solution (3 steps)

(1) First, I installed the Chrome javascript extension called quick javascript

(2) I cd'd to /usr/java/jre1.7.0_51/bin and ran ControlPanel.  Under the
security settings tab, I added the website "" to
the list of allowed sites.  It complained that it was not an https site,
but let me add it after clicking the box which said to add it anyway,
even though it was a security risk.

(3) Then, in firefox, a chess game appeared without any difficulties
(but only after placing a soft link to in the firefox plugins
directory) In Chrome, it was still blocked, but when I clicked on the "quick
javascript switcher" icon, I got the usual prompt that running the script
was a security risk, but did I want to do it anyway?  I clicked yes,
and we were off and running as usual.

After that one "javascript switcher" invocation, future attempts to play
out a game on immediately came up with the prompt asking
if you really wanted to run the script even though it is insecure.
Sign in to add a comment

Powered by Google Project Hosting