Google outlines how it will kill Adobe Flash Player

Google has published a proposal to kill one of the most widely attacked and buggy pieces of software on the internet.

The search company has announced plans to make HTML5 and not Adobe’s Flash Player plugin the default media player in Chrome by the fourth quarter of 2016, including stopping people from installing Flash Player via non-Google websites.

According to a new plan reported by Venture Beat, Google will make the Flash plugin in Chrome a secondary option for the entire web except for the top 10 domains by the end of 2016.

Google outlined its Flash strategy in “HTML5 by Default”, a document that spells out its framework for demoting Flash in Chrome.

Google last year disabled Flash in Chrome for non-central content, such as ads. This proposal, if fulfilled, will be a more aggressive effort to ween the web off of Flash.

Until HTML5, Flash has been the default for animated and video content through desktop browsers, but it’s also been widely exploited by hackers, often enough before Adobe has had a chance to supply a patch.

To get a sense of how central Flash is to the web, it is worth noting that it is bundled with Internet Explorer 11, Microsoft’s new Windows 10 Edge browser, and Chrome for Windows, Mac, and Linux.

Google isn’t saying goodbye to Flash altogether, but the proposed change would amount to a drastic demotion.

Thanks to Flash being bundled with Google’s browser, Chrome receives the latest security updates for Flash as soon as Adobe has made them available. It has meant that Chrome users haven’t needed to know when Adobe releases a security update. That won’t change in the future setup.

But Chrome users also didn't know when a site requires Flash since the site will just work in Chrome.

Under the new plan, it will be near impossible for any Chrome user to not be aware that they are using Flash if a site requires it.

“Flash Player will come bundled with Chrome, however its presence will not be advertised by default,” Google said in the proposal.

“When a user encounters a site that needs Flash Player, a prompt will appear at the top of the page, giving the user the option of allowing it for a site.”

“If the user accepts, Chrome will advertise the presence of Flash Player, and refresh the page.”

Google’s plan will also focus on discouraging web publishers from recommending Flash by intercepting requests in Chrome that prompt users to install Flash.

“Some sites, like, direct users to download Flash Player, when they don’t see it advertised. Once the user clicks on the download link (i.e. we will intercept the request, cancel the navigation, and instead present an “Allow Flash Player …” infobar, with behavior consistent to the previous flow”.

Join the CSO newsletter!

Error: Please check your email address.

Tags MacLinuxWindows 10 Edge browserWindowsweb publisherspandora.comAdobe Flash playeredgecorruptionchromehtml5Googlebugsoftware

More about GoogleLinuxMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place