On Saturday, I started to notice that logins to the vSphere Web (Flex) Client stopped working with Google Chrome. Upon a successful logon, it would immediately crash with "Shockwave Flash has crashed" message. I had seen this message plenty of times in the past and usually restarting Chrome would resolve the problem but this time it looked to be persistent even after a system reboot.
I took to Twitter to see if I was the only one hitting this issue since I was not able to find anything on the web and literally in minutes, I had several dozen replies with folks experiencing the same issue which apparently started several days ago but like most, including myself, thought it was an isolated event.
I thought it was just me, but apparently other folks reporting Flash crashing immediately w/Flash Web Client on latest Chrome. Anyone else? pic.twitter.com/8RWbyPGLG4
— William Lam (@lamw) October 15, 2017
After a bit of back/fourth and a few other folks chiming in, it looks like Google actually went and published a newer version of Flash (18.104.22.168) with latest Chrome (61.0.3163.100) update. This newer Flash version is not even available for download and the current version as listed on Adobe's website should be 22.214.171.124. This issue not only affects VMware products that uses Flash but any website that has Flash content and I had also noticed few others sharing frustrations on Twitter for other flash-based websites.
Luckily, one workaround that I had found which others have also confirmed is to switch to Firefox which currently does not have this issue Its also been reported that latest updates from Firefox is also distributing the latest Flash which causes the exact same issue. Like most, Chrome is my default browser and it was annoying that I had to switch to another browser but that was the only way I could access the content I needed. Earlier this evening, I was looking at the VMware Reddit Channel and noticed a thread had popped up regarding this exact issue and it looks like more and more folks are now noticing.
I had quickly glanced through the thread and thought there was not any new info, but then I saw an interesting comment from Reddit user theVelement who apparently found a nice workaround that would allow you to use latest version of Chrome with the vSphere Web Client. He found that if you still had the previous or even older version of Flash, you could simply delete the latest version and Chrome would function again.
Disclaimer: Be be aware that the latest version of Flash (126.96.36.199) does resolve a major 0-day security vulnerability which is outlined here and reverting its affects can put you and your organizations at risk. Please use. One potential option to mitigate the risk of reverting the Flash version is to build a single jumphost VM that contains the workaround and ensuring it does not have any outbound network connectivity and limiting its access. This can be used temporarily to manage your VMware infrastructure that requires Flash until this issue is resolved by Adobe.
UPDATE1 (10/16/2017) - It looks like you can also simply replace the new pepperflash DLL with an older version and placing it within the 188.8.131.52 folder (in case Chrome tries to update it). If you are looking for a working Windows DLL, it looks like one has been posted on one of the Chrome Issues thread here. Please be aware that the latest version of Flash (184.108.40.206) does resolve a major 0-day security vulnerability which is outlined here and reverting its affects can put you and your organizations at risk.
UPDATE2 (10/16/2017) - For those wanting to disable the auto-update feature of Chrome, you can do so by changing the following HKLM\SOFTWARE\Policies\Google\Update\AutoUpdateCheckPeriodMinutes to 0. Thanks toChip Zoller for sharing this tidbit!
UPDATE3 (10/16/2017) - VMware has just published KB 2151945 outlining the Flash issue which includes workarounds for both Firefox and Chrome.
UPDATE4 (10/17/2017) - Adobe has published an update here regarding the issue and it looks like there maybe a beta release as early as next week.
UPDATE5 (10/18/2017) - Adobe has just published a new beta build of Flash which includes both the security fix as well as the fix resolving the vSphere Web Client as well as other VMware-based products that rely on Flash (e.g. vCloud Director, etc). Depending on the platform, you may need to un-install the previous version of Flash and make sure you restart your browser. I just verified on my macOS system that I can now logon to a vSphere Web (Flex) Client without issues.
UPDATE6 (10/25/2017) - Adobe just published a new Flash update 220.127.116.11 which looks to resolve the original issue. I have successfully verified this on both a macOS and Windows system. You may need to un-install the beta build if you had that installed, which you can find here.
For Windows, the path is %LocalAppData%\Google\Chrome\User Data\PepperFlash
For macOS, the path is ~/Library/Application\ Support/Google/Chrome/PepperFlash
On my Windows system, I found that I only had the latest version of Flash.
However, this system does have other user accounts and quickly going through another account, I found that it had an older version of Flash 18.104.22.168 which I was able to copy pepperflash DLL to the directory and then restart Chrome and the vSphere Web Client worked again!
On my macOS system, I was lucky that it still contained the previous version 22.214.171.124 and once I copied the PepperFlashPlayer.plugin to 126.96.36.199 directory and restarted Flash, I was able to login to the vSphere Web Client.
Although this is not ideal, at least for anyone who MUST use Chrome, there is somewhat of a workaround if you can find a previous copy of Flash. In the meantime, there has been no updates from Adobe but there is now PR being tracked on Chrome's public issue tracker which you can follow here.
Huge thanks to theVelement for sharing the workaround!