Chrome 55 Now Blocks Flash, Uses HTML5 By Default

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.
Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.

About time...

[__aaclcg7560]

As young help desk technician eight years ago, Flash was almost as worst as the intranet sites that required IE6 to work. Every month a new version of Flash comes out to break the intranet sites for users because the program auto updates on its own and the intranet team was always two weeks behind on updating Flash on the web servers. Every month I got tickets to remote into systems to rollback to the previous version of Flash to get the intranet sites working again.

As a computer security technician today, Silverlight is becoming the new Flash with problematic installs that refuse to update properly. Every month the Nessus scan spits out a list of systems that I remote into to run a Microsoft Fix-It program to uninstall the older version and reinstall the baseline version.

Re:About time...

[ledow]

Education:

If it's not HTML5, they are required to push out an iPad app because there will be something that doesn't work on Safari. Android / Chromebook apps will never appear or will have to wait for the HTML5 version, and it will never be properly navigable across all devices with bare HTML5 (people keep telling me this, I've yet to see a decent demonstration that doesn't just send you to two different places). Hell, these people still use Quicktime...

Banking:

Our business banking partner insisted on using IE until this year. When they then realised it was going to die and they had to upgrade for Windows 10? We now HAVE to use Firefox ESR editions with a specific .NET Framework, an ActiveX-like control and exceptions for scripting etc. on their domains (their software tries to auto-add them on install to IE too!). If anything, we've taken two steps back in terms of security there, and still have a browser that is NOT our default browser just for banking.

Video streaming:

They all started off saying they'll support HTML5, but some of the HTML5 versions are literally play and stop and that's it. A load of sites break when you try to just play a movie, and how do I stop it auto-playing? Oh, there's a plugin/extension/js for that.

We need to get off our arses and just say "Fuck off. Plain HTML5 and nothing else or we don't visit". I still run across pages that want Java and all kinds of junk.

Relying on a plugin of any kind, even Flash, (plugins have to be native code) is inherently not cross-platform and is a security risk. You have no idea if that plugin's breaking open your SSL sessions and handling other data from sites insecurely.

Trouble is, the places that MATTER (i.e. schools which are teaching the children how to use a computer, and banks which are holding your money to ransom if you're anybody) don't give a shit. We're still fighting banks on "but this is more secure" when they make us run closed code in a closed plugin tied into closed sites on a particular browser that's not your normal browser and is - by definition - outdated. It shouldn't be.

The quicker Chrome blocks all this shit, and Microsoft Edge and Safari follow, the quicker people will have to fix it to make things work as before.

Don't let the banks pull the "You must use IE shit" any more. Literally just switch them off and go "We warned you, now you'll need to follow best practice as we've said for decades".