Continuing a move it began last year, Google will phase out default support for the Adobe Flash multimedia player in its Chrome browser by the end of 2016.
A slide presentation that Google apparently recently published shows that Flash Player would continue to be bundled with Chrome, even after the end of the year. However, it will not be the default option on Chrome for running multimedia content as it has long been. Instead, that role will go to HTML5.
According to Google, after this year, Chrome will treat HTML5 as the default option for sites that support the protocol.
If a site requires Flash, Google will serve up an alert giving users the option of enabling the player to run Flash on that particular site. Depending on the user’s preferences, Google will then honor that setting for the user’s subsequent visits to the site.
Initially, at least, Google will let Flash Player run unchallenged on Chrome on the top 10 sites running the software. Google did not say what the whitelisted sites were, but an article in Fortune on May 16 said they included YouTube, Yahoo, Facebook, Amazon.com and some major Websites in Russia.
Google will take slightly more direct action when a Website automatically directs users to Adobe’s download page for Flash Player. When Chrome detects such redirection, it will intercept and cancel the attempt and instead serve up an alert asking users if they really want to allow Flash Player to run on their systems.
Enterprises will have more choice in deciding whether they want to always run Flash Player or not. Enterprises will get the option of instructing Chrome to always run Flash and never to prompt for an answer on that question again. Enterprise administrators will also have the ability to choose the sites that they want Flash to be supported on for an indefinite period or instruct Chrome to disable the plug-in and never run it again.
Google’s slide presentation described the plans as very tentative and still in the process of being fully fleshed out. “[It is] meant to give an approximate idea about the proposed user flow and prompts,” the presentation noted. “Details will evolve though the tone and spirit should remain fairly consistent.
Among the changes under consideration are tweaks to the acceptance language that users will be presented with when informing them about the ability to run or stop Adobe Flash Player. Google may also re-evaluate the options that it presents to users when prompting them for a response to whether they want Flash Player to run or not.
The Google slide presentation offered no explanation for the company’s decision to phase out support for Flash Player. But the company has made no attempt to hide its plans to kill support for the software in Chrome because of security concerns.
Flash Player is widely regarded as one of the buggiest products that are still widely in use anywhere. Over the years, security researchers have found more bugs in Flash than most other products.
Statistics from CVE Details, a site that maintains vulnerability data, shows that since Dec. 2005, Adobe has reported nearly 800 vulnerabilities in Flash or more than six every single month for the past nearly 11 years. Many of the flaws were rated as being of critical severity. Some 314 vulnerabilities, or nearly 40 percent of the total, were disclosed in 2015 alone. More than 8 in 10 of them were code execution flaws, which are generally considered of the most severe variety.
Prompted by concerns over the security issues in Flash Player, Google earlier this year announced that starting January 2017 it would stop accepting display ads running on Flash. The company is currently getting advertisers to use HTML5 instead. Last year, it announced that it would stop auto playing Flash ads in Chrome in a bid to improve rich media performance on the browser.