August 11, 2016 By Douglas Bonderud 2 min read

Adobe’s Flash player continues to struggle with security. As noted by ZDNet, the company recently disclosed 52 new vulnerabilities that could lead to remote code execution and includes memory corruption, heap buffer overflows and use-after-free issues.

While a security update was quickly issued to resolve these concerns, the constant break-fix cycle has led some companies — Google and Twitch, for example — to speed their HTML5 update timelines and phase out Adobe’s offering. What does a web experience low on Flash really mean for the future of online security?

Flash in the Pan

According to Google’s official Chrome blog, the time has come to “de-emphasize Flash in favor of HTML5.” While the company acknowledges the “pivotal role” of Adobe’s offering in the evolution of web-based video, gaming and animation, there’s a problem: More than 90 percent of this Flash-based content now loads behind the scenes, not only slowing down the end-user browsing experience, but also increasing the risk of security breaches.

With the release of Chrome 53 this September, the search giant won’t simply ask users if they prefer Flash or HTML5, but will actively block Flash from running unless sites only support the Adobe player. As noted by Ars Technica, the new Firefox 48 release “almost exactly mirrors” the Chrome update. According to TechCrunch, video-streaming site Twitch is also rolling out a beta HTML5 update to replace Flash for its subscribers.

HTML5 Update Improves Speed and Security

So what’s the big benefit for users as companies make the switch from Flash to HTML5? Google said the new technology means reduced power consumption and faster load times, while Twitch users should see fewer frame drops and less CPU load.

Of course, HTML isn’t without its own issues. As noted by Softpedia, HTML5 ads aren’t always safer than their Flash counterparts. This begs the question: Will the move to HTML5 really mean better security for end users or just another set of personal browser problems?

According to ComputerWeekly, there are distinct advantages to choosing the new HTML standard over Flash. First is the rapid uptake of Flash, especially for video players, which led to a massive uptick in vulnerabilities. Coupled with the proprietary nature of Adobe’s code, it became difficult for companies, most famously Apple, to justify the use of this program in their operating systems.

HTML5, by contrast, is an open-source development that leverages JavaScript to perform almost all of its most complex web tasks. The result: Behind-the-scenes loading — where many vulnerabilities flourish — virtually disappears, while developers get more control over how HTML5 deploys in web browsers, displays content and defends against attacks.

HTML5 isn’t perfect, but Flash simply can’t complete. Google’s new stance shouldn’t come as a surprise. It is a significant step toward a less Flashy, more secure web browsing experience.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today