August 11, 2016 By Douglas Bonderud 2 min read

Adobe’s Flash player continues to struggle with security. As noted by ZDNet, the company recently disclosed 52 new vulnerabilities that could lead to remote code execution and includes memory corruption, heap buffer overflows and use-after-free issues.

While a security update was quickly issued to resolve these concerns, the constant break-fix cycle has led some companies — Google and Twitch, for example — to speed their HTML5 update timelines and phase out Adobe’s offering. What does a web experience low on Flash really mean for the future of online security?

Flash in the Pan

According to Google’s official Chrome blog, the time has come to “de-emphasize Flash in favor of HTML5.” While the company acknowledges the “pivotal role” of Adobe’s offering in the evolution of web-based video, gaming and animation, there’s a problem: More than 90 percent of this Flash-based content now loads behind the scenes, not only slowing down the end-user browsing experience, but also increasing the risk of security breaches.

With the release of Chrome 53 this September, the search giant won’t simply ask users if they prefer Flash or HTML5, but will actively block Flash from running unless sites only support the Adobe player. As noted by Ars Technica, the new Firefox 48 release “almost exactly mirrors” the Chrome update. According to TechCrunch, video-streaming site Twitch is also rolling out a beta HTML5 update to replace Flash for its subscribers.

HTML5 Update Improves Speed and Security

So what’s the big benefit for users as companies make the switch from Flash to HTML5? Google said the new technology means reduced power consumption and faster load times, while Twitch users should see fewer frame drops and less CPU load.

Of course, HTML isn’t without its own issues. As noted by Softpedia, HTML5 ads aren’t always safer than their Flash counterparts. This begs the question: Will the move to HTML5 really mean better security for end users or just another set of personal browser problems?

According to ComputerWeekly, there are distinct advantages to choosing the new HTML standard over Flash. First is the rapid uptake of Flash, especially for video players, which led to a massive uptick in vulnerabilities. Coupled with the proprietary nature of Adobe’s code, it became difficult for companies, most famously Apple, to justify the use of this program in their operating systems.

HTML5, by contrast, is an open-source development that leverages JavaScript to perform almost all of its most complex web tasks. The result: Behind-the-scenes loading — where many vulnerabilities flourish — virtually disappears, while developers get more control over how HTML5 deploys in web browsers, displays content and defends against attacks.

HTML5 isn’t perfect, but Flash simply can’t complete. Google’s new stance shouldn’t come as a surprise. It is a significant step toward a less Flashy, more secure web browsing experience.

More from

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today