Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Google to Stop Accepting Flash Ads

Google this week said it would stop accepting display ads built in Adobe Flash starting on Jun. 30, 2016, with plans to completely remove them from its platforms by Jan. 2, 2017.

Google this week said it would stop accepting display ads built in Adobe Flash starting on Jun. 30, 2016, with plans to completely remove them from its platforms by Jan. 2, 2017.

As of Jun. 30, advertisers will no longer be able to upload display ads built in Flash on Google’s AdWords and DoubleClick Digital Marketing platforms, and the Internet giant says it will stop display such ads at the beginning of next year. To ensure that their ads can still run on these platforms, advertisers are advised to update them to HTML5.

Google’s announcement comes almost half a year after Amazon stopped accepting Flash ads on its online shopping website. At the time, Amazon said that the move, which went into effect on Sept. 1, 2015, was prompted by browser setting in Chrome, Firefox, and Safari, which were meant to limit Flash content displayed on web pages.

The Flash plugin has been long considered a security menace, and experts have often advised both users and developers to move away from the insecure software. Adobe, on the other hand, is working hard on patching vulnerabilities in the popular plugin, and has partnered with researchers and organizations to find and resolve bugs in it.

The large number of security flaws in Flash, however, represents an attractive attack surface for cybercriminals, especially for those behind exploit kits, which often include newly patched vulnerabilities in their malicious programs. In fact, a November report from Recorded Future revealed that eight of the top ten vulnerabilities used by exploit kits in 2015 leveraged flaws in Flash Player.

While Adobe does not seem ready to let the plugin go just yet, other companies are not as keen on keeping insecure software alive. In January, Oracle announced plans to kill the Java browser plugin, a decision triggered by browsers such as Chrome , Firefox, and Edge phasing out support for NPAPI (Netscape Plugin Application Programming Interface).

Google did not cite security concerns as the main trigger for shutting down support for ads built in Flash, but instead says that it is going all in with HTML5, and that the move would help advertisers reach the widest possible audience across screens. In a post on Google+, the company also notes that the transition should result in an enhanced browsing experience for more people on more devices.

In August 2014, Google suggested that AdWords advertisers should adopt HTML5 for their ads at a larger scale, saying that there were “more consumers using the web in HTML5-compatible environments than in Flash-compatible environments” at the time. Advertisers were able to convert ads built in Flash to identical HTML5 ads, and that hasn’t changed until now.

Advertisement. Scroll to continue reading.

In fact, the Internet giant provides AdWords advertisers with a guide on how they can update their Flash ads to HTML5 to ensure their “creative can continue to show on the Google Display Network” after Jan. 2, 2017. The company also notes that only display ads will be affected by the change, and that video ads built in Flash will not be impacted at this time.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.