Vulnerabilities in Adobe’s Flash Player may seem trivial but yet they are among the flaws mostly leveraged by attackers. Perhaps that’s a reason good enough for Google to decide to make HTML5 the primary standard in Chrome. Only 10 white-listed websites will run Flash Player. The change is supposed to happen by the fourth quarter of 2016.
HTML5 by Default: Google’s Intentions
Google’s project is title HTML5 by Default. It aims to make HTML5 the default experience, even though Chrome will still come with Flash Player. However, it won’t be advertised. In other words, whenever a website supports HTML5, the latter will be the default experience. In case any website needs Flash Player, a prompt window will be displayed at the top of the page. This will enable the user to run or decline Flash on the page.
In case the user enables it, “Chrome will advertise the presence of Flash Player and refresh the page“, as explained by Google.
Why Is Google Choosing HTML5 Over Flash Player?
As said in the beginning, Flash Player’s background hasn’t been that good when it comes to vulnerabilities. In addition, HTML5 offers a better approach in terms of media experience and load times. In February, Google also stated that:
- Starting June 30th, 2016, display ads built in Flash can no longer be uploaded into AdWords and DoubleClick Digital Marketing.
- Starting January 2nd, 2017, display ads in the Flash format can no longer run on the Google Display Network or through DoubleClick.
Moreover, Adobe has already revealed their intentions to offer tools for developing HTML5 in a blog post from November last year. This is an excerpt of Adobe’s statement:
[…] We are announcing Animate CC, previously Flash Professional CC, which will be Adobe’s premier web animation tool for developing HTML5 content while continuing to support the creation of Flash content. Adobe Animate CC will be available in early 2016. In addition, Adobe will release an HTML5 video player for desktop browsers, which will complement Adobe’s support for HTML5 on mobile.
What about the 10 white-listed websites mentioned in the beginning? They will be sorted based on cumulative usage of a specific domain. The list includes services such as YouTube, Facebook, Amazon, and Mail.ru. Enterprises will also be enabled to run content based on Flash. The white list will be available for a year, during which it will be updated regularly.