August 11, 2016 By Douglas Bonderud 2 min read

Adobe’s Flash player continues to struggle with security. As noted by ZDNet, the company recently disclosed 52 new vulnerabilities that could lead to remote code execution and includes memory corruption, heap buffer overflows and use-after-free issues.

While a security update was quickly issued to resolve these concerns, the constant break-fix cycle has led some companies — Google and Twitch, for example — to speed their HTML5 update timelines and phase out Adobe’s offering. What does a web experience low on Flash really mean for the future of online security?

Flash in the Pan

According to Google’s official Chrome blog, the time has come to “de-emphasize Flash in favor of HTML5.” While the company acknowledges the “pivotal role” of Adobe’s offering in the evolution of web-based video, gaming and animation, there’s a problem: More than 90 percent of this Flash-based content now loads behind the scenes, not only slowing down the end-user browsing experience, but also increasing the risk of security breaches.

With the release of Chrome 53 this September, the search giant won’t simply ask users if they prefer Flash or HTML5, but will actively block Flash from running unless sites only support the Adobe player. As noted by Ars Technica, the new Firefox 48 release “almost exactly mirrors” the Chrome update. According to TechCrunch, video-streaming site Twitch is also rolling out a beta HTML5 update to replace Flash for its subscribers.

HTML5 Update Improves Speed and Security

So what’s the big benefit for users as companies make the switch from Flash to HTML5? Google said the new technology means reduced power consumption and faster load times, while Twitch users should see fewer frame drops and less CPU load.

Of course, HTML isn’t without its own issues. As noted by Softpedia, HTML5 ads aren’t always safer than their Flash counterparts. This begs the question: Will the move to HTML5 really mean better security for end users or just another set of personal browser problems?

According to ComputerWeekly, there are distinct advantages to choosing the new HTML standard over Flash. First is the rapid uptake of Flash, especially for video players, which led to a massive uptick in vulnerabilities. Coupled with the proprietary nature of Adobe’s code, it became difficult for companies, most famously Apple, to justify the use of this program in their operating systems.

HTML5, by contrast, is an open-source development that leverages JavaScript to perform almost all of its most complex web tasks. The result: Behind-the-scenes loading — where many vulnerabilities flourish — virtually disappears, while developers get more control over how HTML5 deploys in web browsers, displays content and defends against attacks.

HTML5 isn’t perfect, but Flash simply can’t complete. Google’s new stance shouldn’t come as a surprise. It is a significant step toward a less Flashy, more secure web browsing experience.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today