Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Edge to Block Flash by Default

Microsoft Edge is the latest Web browser to switch to HTML5 and keep Flash blocked by default unless users enable it to run on sites that require it.

Microsoft Edge is the latest Web browser to switch to HTML5 and keep Flash blocked by default unless users enable it to run on sites that require it.

Both Google and Mozilla announced similar moves for the Chrome and Firefox browsers, and Microsoft appears determined to join the pack. While Chrome 55 started blocking Flash by default earlier this month, Mozilla announced in July that Firefox would make a similar move next year. For now, only some Flash content on web pages is being blocked.

Adobe’s Flash Player has been a key driver for rich online content for a very long time, but the large number of vulnerabilities constantly discovered in it, coupled with performance issues, encouraged large Internet players to move away from it. In fact, even Adobe is currently encouraging the deprecation of Flash, and it doesn’t come as a surprise that major browsers are already taking big steps in this direction.

Microsoft Edge is already providing users with some control over Flash through selectively pausing certain Flash content that is not central to the page, such as ads. All users of the Windows 10 Anniversary Update benefit from this increased control over Flash content, which is set to become even more aggressive next year, when Windows 10 Creator’s Update arrives.

“In our next release, we will extend this functionality and encourage the transition to HTML5 alternatives by providing additional user control over when Flash content loads. Windows Insiders will be able to try an early implementation of this feature soon in upcoming preview builds,” Crispin Cowan, Senior Program Manager, and John Hazen, PM Manager, Microsoft Edge, explained.

Starting next year, Microsoft Edge will deliver a clean HTML5 experience when encountering sites that support the standard, and will block Flash altogether in such cases, which should result in improved performance, battery life, and security. When encountering sites that still depend on Flash, the browser will request users to allow it to load and run, and the option will be saved for subsequent visits.

To ensure that the transition to HTML5 is smooth, however, the change will not be applied to the most popular sites in the beginning, Microsoft says. Following several months of evaluation and monitoring of Flash consumption in Microsoft Edge, the company will shorten the list of automatic exceptions.

“We advise web developers to migrate to standardized content delivery mechanisms like JavaScript and HTML5 Encrypted Media Extensions, Media Source Extensions, Canvas, Web Audio, and RTC in the coming months,” Cowan notes.

Advertisement. Scroll to continue reading.

Related: Adobe Patches Flash Zero-Day Exploited in Targeted Attacks

Related: Flash Player Remains Main Target of Exploit Kits: Report

Related: HTML5 Won’t Stop Malvertising, Brings New Threats

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.