Guest Speaker: Darien Cavanaugh “Google Chrome Replaces Adobe Flash with Html5 in Latest Update”
Google Chrome has replaced Adobe Flash with HTML5 in its latest version, according to an Engadget report by Billy Steele
“Google proposed making HTML5 the default over Flash in its Chrome browser back in May,” Steele writes. “With the latest release, Chrome 55, the company has nearly completed the transition. Chrome now defaults to HTML5 except when a site is Flash-only or if its [sic] one of the top 10 sites on the web.”
For sites that are not Flash-only or among the top 10 sites on the internet, users will be prompted to enable Flash upon their first visit.
The switch from Adobe Flash to HTML5 in the Google Chrome browser has been in the works for some time. Flash that runs “behind the scenes” on websites was blocked in Chrome in the two previous versions, according to Steele.
Converting to HTML5 is expected to result in generally better performance, particularly in terms of increased security and faster load times for web pages. Google Chrome 55 also allows for CSS automatic hyphenation that should “help with the look of text blocks and line wrapping,” Steele says.
Security issues and other bugs have been a problem for Adobe Flash in the past.
In December of 2015, Computerworld’s Michael Horowitz penned an article titled “When it comes to bugs, the Adobe Flash Players [sic] cup runneth over.”
“The Adobe Flash Player just closed out the year with another clump of bug fixes; nineteen were released today,” Horowitz begins.
According to Horowitz, “Flash averaged 6.1 bug fixes per week” in 2015.
“There was a flood of fixes at the end of the year,” he explains. “From mid-October on, Adobe fixed 113 bugs, roughly 1.5 per day. The final tally for 2015 is 316 Flash Player bugs.”
Horowitz threw in an emphatic acknowledgment of Flash’s advanced age, exclaiming, “This, for software that is over 18 years old.”
That’s ancient in software years.
In June, Ars Technica’s Dan Goodin reported on a “critical Adobe Flash bug” that was under active attack by a group of hackers dubbed “ScarCruft” by researchers with the antivirus firm Kaspersky Lab. The researchers said the group was “relatively new” at the time.
“ScarCruft is a relatively new APT group; victims have been observed in several countries, including Russia, Nepal, South Korea, China, India, Kuwait, and Romania,” Costin Raiu wrote in a June 14th blog post for Kaspersky Lab. “The group has several ongoing operations utilizing multiple exploits — two for Adobe Flash and one for Microsoft Internet Explorer.”
Raiu cited two “major operations” the group was engaged in at the time, Operation Daybreak and Operation Erebus.
“Operation Daybreak, appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit, focusing on high-profile victims,” Raiu wrote. “The other one, Operation Erebus, employs an older exploit, for CVE-2016-4117 and leverages watering holes.”
Raiu noted that Kaspersky researchers had identified the zero-day Adobe Flash Player bug “earlier this month.”
Adobe released a security advisory for the bug on June 14th as well, labeling the bug a “critical vulnerability” and promising to issue a security update to address the issue “as early as June 16.”
The security advisory acknowledged and thanked Anton Ivanov and Costin Raiu of Kaspersky Lab for identifying the vulnerability and bringing it to Adobe’s attention.
Google Chrome 55 is available now for Mac, Windows, and Linux desktop operating systems. There is no word yet on when Chrome 55 will be available for smartphones. When it is released, Steele says it will provide expanded download options that will better facilitate viewing web pages, images, and videos offline.
Google Chrome phasing out Adobe Flash doesn’t necessarily mean it’s the end for the multimedia platform. It does, however, deal a blow to its prominence among internet browsers.