Last month, Firefox blocked all Flash content by default – as it waited for Adobe to patch a critical security hole that was being actively exploited in malicious attacks.
The news came hot on the heels of Facebook’s security chief calling for Flash to be put out of its misery permanently.
And from next Tuesday, September 1st, Google’s Chrome browser will be blocking Flash ads by default. In a notice posted on Google Plus, the company says that the change is being made to improve performance for users.
In June, we announced (https://goo.gl/TF7dmD) that Chrome will begin pausing many Flash ads by default to improve performance for users. This change is scheduled to start rolling out on September 1, 2015.
But let’s not kid ourselves, a major driver for this is to reduce malvertising – the rogue web adverts that can infect your computer with malware as you browse a legitimate website.
The Register explains that Chrome’s step away from Flash won’t stop all Flash content from automatically running when you visit a website, but “non-essential” content will be automatically paused.
Google says that concerned advertisers should switch their Flash ads to HTML5 pronto, explaining that “most Flash ads” uploaded to Google AdWords are already automatically converted.
Flash isn’t going to die overnight, but this is surely yet another nail in its coffin.
I, however, wouldn’t just rely upon Google’s sniffy attitude to Flash ads to be enough to protect your computer.
If you must have Adobe Flash installed (which is, itself, debatable) make sure you are always running the latest version. If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you.
Versions of Adobe Flash Player installed with Google Chrome, Microsoft Edge for Windows 10, and Internet Explorer 10 and 11 for Windows 8.0 and 8.1, should receive automatic updates. So you have less to worry about.
But it’s sensible, I believe to go further than just keeping Adobe Flash patched and updated.
Consider enabling Click-to-Play in your browser, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe’s software.
But, be warned, disabling or nobbling Flash in just your browser may not be enough to protect your computer from infection – as it’s perfectly possible for Flash vulnerabilities to be delivered to your PC by routes other than the web.
There have been, on average, 5 bugs a week in the Flash Player in 2015. I am writing this on August 30 ,2015, which means it is likely that Flash *now* has 10 unpatched bugs.
Stop the Flash Player madness – 5 new bugs a week
www.computerworld.com/article/2971721/security/stop-the-flash-madness-5-bugs-a-week.html