Under the auspice of saving battery life on laptops, Google just made good on their promise in June of this year to pause Flash elements on webpages loaded in their browser, Chrome. Though they don’t outright name what elements they are targeting *cough* advertising *cough*, as of September 1, Chrome will, by default, no longer autoplay Flash-based media on any page. If you want to punch that monkey to win a prize, you will have to click on the advertisement to get it to dance around on your screen. Now before you break out the champagne, this certainly doesn’t mean the end of web advertising by any stretch of the imagination – many of the ads you see are HTML5-based (including Google’s own AdWords platform) – but seeing as Chrome has 50% of the browser marketshare, it’s a safe bet that many, many advertisers will stop using Flash as a delivery mechanism, and given Flash’s long history of security weaknesses, this is a good thing.
What this means for you:
If you’re using Chrome as your main web browser, make sure it’s updated to the latest version, and start breathing the Flash-paused air. Firefox users have been enjoying this particular state for a little while now, as Mozilla put Flash in permanent time-out last month. If you are still using Internet Explorer (and many, many folks are required to because of various corporate applications) you can also experience a Flash-paused existence by following the steps outlined in this article.
Most importantly, if your website was designed with Flash elements (as many were up to about 2 years ago), it’s time to refresh your online presence to marginalize or eliminate the dependency on Flash. Its days are well and truly numbered.
Last week’s breach of Italian security firm Hacking Team exposed documentation that detailed the firm’s use of previously unknown security weaknesses in Adobe’s pervasive Flash platform. Typically known as “zero-day” vulnerabilities, these types of holes are being exploited by cybercriminals from the moment they are discovered, and companies will scramble madly to patch the problems and distribute the fix to their customers. Apparently fed up with the ongoing security failures of the plugin and Adobe’s lackluster speed at fixing them, Mozilla has started blocking outdated Flash plugins from running in Firefox, and Facebook’s security czar has called for the troubled platform to be retired:
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
— Alex Stamos (@alexstamos) July 12, 2015
What this means for you:
If you are the owner of a website that uses Flash, you should review whether its use is optional or required, with the latter choice presenting numerous challenges, including alienating a large segment of your mobile browsers; both iOS and Android require special, third-part apps to run Flash that are typically not free. Adding this to Google’s latest ranking algorithm which disfavors sites that aren’t mobile friendly, and you could end up with a website that gets relegated to a dark corner of the internet.
As a website visitor, at minimum you should update your Flash plugin immediately, and only do so by getting the latest version from Adobe’s website. Do not follow links or popups that appear while visiting websites – 99% of the time they are not legitimate and will lead to a malware infection. If you’d prefer to stop using Flash altogether, you can follow these instructions to make Flash ask for permission every time it runs: