“If you’re reading this, you probably know how to upgrade one version of Windows to another. Even though it’s an easy process, it’s still tedious and boring to watch Windows download and install, and then you have to spend more time moving through screens and tweaking settings. Meh.”
How do I disable Java in my web browser?
How do I disable Java in my web browser?
This article applies to:
- Platform(s): Solaris SPARC, Solaris x86, Red Hat Linux, SUSE Linux, Oracle Enterprise Linux, Windows 8, Windows 7, Vista, Windows 2008 Server, Macintosh OS X
- Browser(s): Internet Explorer, Firefox, Chrome, Safari
- Java version(s): 7.0, 7u10+
Starting with Java Version 7 Update 10, a new security feature has been added to Java. Some web pages may include content or apps that use the Java plug-in, and these can now be disabled using a single option in the Java Control Panel.
Disabling Java through the Java Control Panel will disable Java in all browsers.
Find the Java Control Panel
Windows XP
- Click on the Start button and then click on the Control Panel option.
- Double click on the Java icon to open the Java Control Panel.
Windows 7, Vista
- Click on the Start button and then click on the Control Panel option.
- In the Control Panel Search enter Java Control Panel.
- Click on the Java icon to open the Java Control Panel.
Windows 8
Use search to find the Control Panel
- Press Windows logo key + W to open the Search charm to search settings
OR
Drag the Mouse pointer to the bottom-right corner of the screen, then click on the Searchicon. - In the search box enter Java Control Panel
- Click on Java icon to open the Java Control Panel.
Disable Java through the Java Control Panel
- In the Java Control Panel, click on the Security tab.
- Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
- Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
- Click OK in the Java Plug-in confirmation window.
- Restart the browser for changes to take effect.
RELATED INFORMATION
Disable the Java content in the particular browser
Internet Explorer
The only way to completely disable Java in Internet Explorer (IE) is to disable Java through the Java Control Panel as noted above.
Chrome
- Click on the Chrome menu, and then select Settings.
- At the bottom of Settings window, click Show advanced settings
- Scroll down to the Privacy section and click on Content Settings.
- In the Content Settings panel, scroll down to the Plug-ins section.
- Under the Plug-ins section, click Disable individual plug-ins.
- In the Plugins panel, scroll to the Java section. Click Disable to disable the Java Plug-in.
- Close and restart the browser to enable the changes.
Note: Alternatively, you can access the Plug-ins settings by typing about:plugins in the browser address bar.
Firefox
- Click on the Firefox tab and then select Add-ons
- In the Add-ons Manager window, select Plugins
- Click Java (TM) Platform plugin to select it
- Click Disable (if the button displays Enable then Java is already disabled)
Safari
- Choose Safari Preferences
- Choose the Security option
- Deselect Enable Java
- Close Safari Preferences window
New Java vulnerability is being exploited in the wild, disabling Java is currently your only option
A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer.
Update on December 11: Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware
The US Computer Emergency Readiness Team (US-CERT), which falls under the National Cyber Security Division of the Department of Homeland Security, has issued the following vulnerability note:
Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.
Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
It appears this flaw was first stumbled upon by a French researcher who goes by the name Kafeine. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives “hundreds of thousands of hits daily” and concluded that “this could be mayhem.”
More importantly, Kafeine noted the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit, already have this latest Java exploit. BitDefenderconfirmed the alleged addition of the exploit into Cool while security expert Brian Krebs confirmed the BlackHole part, as well as noted its addition into Nuclear Pack:
The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.
This actual vulnerability was later confirmed by security firm AlienVault Labs. With Kafeine’s help, the company reproduced the exploit on a new, fully-patched installation of Java, and used a malicious Java applet to remotely execute the Calculator application on Windows XP:
We recommend that regardless of what browser and operating system you’re using, you should uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and make sure to disable Java in your default browser.
We have contacted Oracle about this issue. We will update you if we hear back.
Update on December 11: Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware
See also – Security companies are recommending you disable Java, or just uninstall it and Mozilla joins the chorus, tells Firefox users to disable Java due to security hole
