Our organization is running a non-persistent windows 10 1703 VDI with Chrome v73 and all has been flawless up until yesterday when Adobe released flash 188.8.131.52. It essentially broke every single flash website. Flash will not load at all it just shows the puzzle piece icon and if you right click and then click "Run Plugin" nothing happens. We had to open our image and manually install flash 184.108.40.206 (previous version) for Chrome and then disable the component updates in chrome via GPO to block flash from auto updating. This is obviously not a long term solution as Chrome will eventually block Flash from running at all if we get too far behind on the versions but I'd like to know what can be done to troubleshoot / fix this.
Copy link to clipboard
This is the only report I've seen of this issue. if your organization has a support agreement with Adobe, I'd recommend reaching out to your named support rep to see if someone can help debug on a representative system.
Chrome and Flash tend to release simultaneously. You might have some luck narrowing down the problem with the Chromium bisection tool (or at least eliminate Chrome as a potential source of the issue). bisect-builds.py - The Chromium Projects
When I see Flash refuse to run in a specific enterprise environment, I usually think that someone got overly enthusiastic when locking things down with custom GPOs, but most enterprise admins don't like to share details about their custom security configurations, which makes it hard for folks like me to spot patterns in "too-strict" configurations.
All I can recommend is to take a good look through your logs, and if you can't find a working configuration with bisect-builds (e.g. Chrome versions that pre-date April 9th don't work anymore), then I'd start looking at what else changed in your environment.
If you figured this out already, I'd be curious to know what you learned.
You're suggesting something changed in our image the exact same day that Adobe released a flash update for Chrome which isn't the case. This is a non-persistent VDI which means everything is controlled in the gold image, except the "Chrome components" flash included. That gets updated on-demand as it should. We've had all of these same settings set for the 2 years we've been running this VDI and have never had this issue. We are running Chrome v73 and have been since Google released it with no issues... until Adobe released flash .171 on 4/9. What's more reasonable and likely is that Adobe changed something in .171 which is causing this issue for us. As usual Adobe's release notes don't state anything other than "Bug and security fixes" which isn't helpful.
We just confirmed that Adobe did indeed change the certificate that is included in the pepflashplayer.dll file. We have a piece of security software that monitor's DLL file's for changes. We had to approve the updated cert included in the pepflashplayer.dll file and that resolved our issue.