Google to Stop Accepting Flash Ads

Google this week said it would stop accepting display ads built in Adobe Flash starting on Jun. 30, 2016, with plans to completely remove them from its platforms by Jan. 2, 2017.


As of Jun. 30, advertisers will no longer be able to upload display ads built in Flash on Google’s AdWords and DoubleClick Digital Marketing platforms, and the Internet giant says it will stop displaying such ads at the beginning of next year. To ensure that their ads can still run on these platforms, advertisers are advised to update them to HTML5.

Google’s announcement comes almost half a year after Amazon stopped accepting Flash ads on its online shopping website. At the time, Amazon said that the move, which went into effect on Sept. 1, 2015, was prompted by browser settings in Chrome, Firefox, and Safari, which were meant to limit Flash content displayed on web pages.

The Flash plugin has long been considered a security menace, and experts have often advised both users and developers to move away from the insecure software. Adobe, on the other hand, is working hard on patching vulnerabilities in the popular plugin, and has partnered with researchers and organizations to find and resolve bugs in it.

The large number of security flaws in Flash, however, represents an attractive attack surface for cybercriminals, especially for those behind exploit kits, which often include newly patched vulnerabilities in their malicious programs. In fact, a November report from Recorded Future revealed that eight of the top ten vulnerabilities used by exploit kits in 2015 leveraged flaws in Flash Player.

While Adobe does not seem ready to let the plugin go just yet, other companies are not as keen on keeping insecure software alive. In January, Oracle announced plans to kill the Java browser plugin, a decision triggered by browsers such as Chrome, Firefox, and Edge phasing out support for NPAPI (Netscape Plugin Application Programming Interface).

Google did not cite security concerns as the main trigger for shutting down support for ads built in Flash, but instead says that it is going all in with HTML5, and that the move would help advertisers reach the widest possible audience across screens. In a post on Google+, the company also notes that the transition should result in an enhanced browsing experience for more people on more devices.

In August 2014, Google suggested that AdWords advertisers should adopt HTML5 for their ads at a larger scale, saying that there were “more consumers using the web in HTML5-compatible environments than in Flash-compatible environments” at the time. Advertisers were able to convert ads built in Flash to identical HTML5 ads, and that hasn’t changed until now.

In fact, the Internet giant provides AdWords advertisers with a guide on how they can update their Flash ads to HTML5 to ensure their “creative can continue to show on the Google Display Network” after Jan. 2, 2017. The company also notes that only display ads will be affected by the change, and that video ads built in Flash will not be impacted at this time.
