Chrome To Block Most Flash Content By Default By End Of 2016

News
By Lucian Armasu
published

After blocking Flash ads last year, the Chrome team is ready to start blocking Flash content by default on most websites. Only the top 10 sites will get an extra year exemption, and after that their Flash content would be blocked as well. Browser users will still be able to manually play Flash inside Chrome for a while longer.

Last year, Chrome began block auto-playing Flash ads, as they would consume too much power, and they can also represent as a security risk. Not long before that, Mozilla had to block all Flash content by default for a short period, because of multiple critical Flash vulnerabilities that affected Firefox users.  

Flash has been a major source of critical vulnerabilities impacting hundreds of millions of browser users. For the most part, Chrome’s sandboxing could protect against those vulnerabilities, but not all browsers have sandboxing that can contain the Flash vulnerabilities, and even if they do, the protection may not be as potent.

After the aforementioned one-year extension, the top 10 sites will get the same treatment as all the other sites with Flash content. The ten sites include YouTube.com, Yahoo.com, VK.com, Live.com, Yandex.ru, OK.ru, Twitch.tv, Amazon.com, and Mail.ru.

Chrome will continue to support Flash for an indeterminate period of time, so users can still activate it on sites on which it is blocked by default if they deem it necessary. The sites that require Flash to run will prompt visitors with a choice to allow Flash or keep it disabled.

On some sites, such as Pandora.com, visitors are now automatically prompted to download Flash from Adobe’s site when they find that Flash can’t be played by default. Once the Flash blocking policy goes into effect, Chrome will intercept this type of request and instead prompt the visitors with an “Allow Flash Player…” info bar. Meanwhile, enterprises will be given the option to “Always run Flash content.”  

Google also said that in the future, the term “plugin” will be replaced by the term “Flash Player,” as that will be the last supported plugin in Chrome.

Adobe itself has begun encouraging developers to stop creating Flash content and focus on HTML5 instead, so it’s likely that Flash won’t be around much longer in other browsers, either.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
20 Comments Comment from the forums
  • braneman
    GOOD, let it DIE. Right now the only reason I still have it installed is because Twitch uses it, once that stops using it I actually won't have a use for flash anymore.
    Reply
  • -Fran-
    Isn't blocking something unilaterally akin to a form of "censorship"?

    I know the reasons for it and share them somewhat, but Flash is just as bad as badly coded Javascript when Browsers allow vulnerabilities AND server side code injection (CSRF, for example) as well. Browsers have vulnerabilities (hello IE, old FF), just like Flash has had them, but I never saw Microsoft nor Apple nor any Linux flavor group saying "yeah, we won't allow you to Install IE nor FF in your machines; they have issues with security".

    I don't like nanny systems telling me what to do or not, so I really wouldn't like Google, Microsoft, Mozilla or Apple (yeah, I don't use Apple products) to do this.

    Flash has to go, yes, but this is NOT the way of doing it.

    Cheers!
    Reply
  • pasow
    This isn't letting it die, this is using your market share to force a product to die. granted, while killing flash advertising was painful at my day job, i'm rather happy they did it. using a plugin to deliver advertising is/was silly.
    Reply
  • beckerp86
    Lucian, please fact check this text in the first paragraph: "Browser users will still be able to manually play Flash inside Chrome for a while longer." Where in the source did you see a date that Chrome would stop shipping with Flash support if users decided to enable content?
    Reply
  • ikaz
    I wouldn't call it Censorship they don't want any flash based programs at all due to known security issues and the fact that Adobe who created/supports flash is telling people to stop using it as well I think is a good thing. Plus you can still override it and choose to use another browser if it really bothers you.
    Reply
  • sam1275tom
    Normally I hate a when a product force user to do something, but this time I totally support chrome.
    Flash is such a stupid thing that: need a separate install, use too much resources, have tons of bugs(yes just play a video and try to navigate using keyboard, or using a pentium III to find that the video and audio is totally out-of-sync)... I don't even have flash installed on my own computer, yes, let it die, HTML5 can do things way better.
    Reply
  • -Fran-
    17974731 said:
    I wouldn't call it Censorship they don't want any flash based programs at all due to known security issues and the fact that Adobe who created/supports flash is telling people to stop using it as well I think is a good thing. Plus you can still override it and choose to use another browser if it really bothers you.

    This is a far-fetched example, and it might not be 100% 1:1, but... Imagine the Government decides to tell you driving is bad because it kills people when a few people doesn't drive properly. So now you have to walk or take the bus only, because regular citizens are now banned/prohibited from driving.

    Would you like that?

    Google should add all the warnings and light shows around the pages saying "this page contains Flash, are you sure you want to continue?" kind of thing, but disabling arbitrarily is wrong.

    Cheers!
    Reply
  • turkey3_scratch
    17974497 said:
    Isn't blocking something unilaterally akin to a form of "censorship"?

    I know the reasons for it and share them somewhat, but Flash is just as bad as badly coded Javascript when Browsers allow vulnerabilities AND server side code injection (CSRF, for example) as well. Browsers have vulnerabilities (hello IE, old FF), just like Flash has had them, but I never saw Microsoft nor Apple nor any Linux flavor group saying "yeah, we won't allow you to Install IE nor FF in your machines; they have issues with security".

    I don't like nanny systems telling me what to do or not, so I really wouldn't like Google, Microsoft, Mozilla or Apple (yeah, I don't use Apple products) to do this.

    Flash has to go, yes, but this is NOT the way of doing it.

    Cheers!

    You can unblock it, you know?
    Reply
  • jimmysmitty
    17974356 said:
    GOOD, let it DIE. Right now the only reason I still have it installed is because Twitch uses it, once that stops using it I actually won't have a use for flash anymore.

    I am absolutely all for the death of Flash, although I loved the idea behind it when it first came out but has been nothing but a massive hole since Adobe bought it.

    However I think it should be up to the person not Google/Chrome. Edge has the option to turn Flash on or off which is what it should be. If someone wants to use Flash let them.

    They have to also consider the government agencies, which most use IE still due to ActiveX being a widely used plugin for their software.

    If Chrome doesn't support it they wont gain that market.
    Reply
  • IndignantSkeptic

    This is a far-fetched example, and it might not be 100% 1:1, but... Imagine the Government decides to tell you driving is bad because it kills people when a few people doesn't drive properly. So now you have to walk or take the bus only, because regular citizens are now banned/prohibited from driving.

    Would you like that?

    Actually, driving is going to be banned soon, incidentally also thanks to Google. Actually, lots of jobs will be banned for humans.
    Reply