Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome 55 Now Blocks Flash, Uses HTML5 By Default (bleepingcomputer.com)

Posted by EditorDavid on from the Flash-in-the-can dept.

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.
Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.

15 of 98 comments (clear)

  1. So does it still let you "always click to flash"? by tlambert · · Score: 2

    So does it still let you "always click to flash"?

    It'd be a real pain in the ass if, by watching one video, I have to always allow Facebook (major example) to run flash content, rather than just the specific flash content I authorize.

    Also: where's the "click to run HTML5 video", please?

  2. About time... by __aaclcg7560 · · Score: 3, Insightful

    As young help desk technician eight years ago, Flash was almost as worst as the intranet sites that required IE6 to work. Every month a new version of Flash comes out to break the intranet sites for users because the program auto updates on its own and the intranet team was always two weeks behind on updating Flash on the web servers. Every month I got tickets to remote into systems to rollback to the previous version of Flash to get the intranet sites working again.

    As a computer security technician today, Silverlight is becoming the new Flash with problematic installs that refuse to update properly. Every month the Nessus scan spits out a list of systems that I remote into to run a Microsoft Fix-It program to uninstall the older version and reinstall the baseline version.

    1. Re:About time... by ledow · · Score: 3, Insightful

      Education:

      If it's not HTML5, they are required to push out an iPad app because there will be something that doesn't work on Safari. Android / Chromebook apps will never appear or will have to wait for the HTML5 version, and it will never be properly navigable across all devices with bare HTML5 (people keep telling me this, I've yet to see a decent demonstration that doesn't just send you to two different places). Hell, these people still use Quicktime...

      Banking:

      Our business banking partner insisted on using IE until this year. When they then realised it was going to die and they had to upgrade for Windows 10? We now HAVE to use Firefox ESR editions with a specific .NET Framework, an ActiveX-like control and exceptions for scripting etc. on their domains (their software tries to auto-add them on install to IE too!). If anything, we've taken two steps back in terms of security there, and still have a browser that is NOT our default browser just for banking.

      Video streaming:

      They all started off saying they'll support HTML5, but some of the HTML5 versions are literally play and stop and that's it. A load of sites break when you try to just play a movie, and how do I stop it auto-playing? Oh, there's a plugin/extension/js for that.

      We need to get off our arses and just say "Fuck off. Plain HTML5 and nothing else or we don't visit". I still run across pages that want Java and all kinds of junk.

      Relying on a plugin of any kind, even Flash, (plugins have to be native code) is inherently not cross-platform and is a security risk. You have no idea if that plugin's breaking open your SSL sessions and handling other data from sites insecurely.

      Trouble is, the places that MATTER (i.e. schools which are teaching the children how to use a computer, and banks which are holding your money to ransom if you're anybody) don't give a shit. We're still fighting banks on "but this is more secure" when they make us run closed code in a closed plugin tied into closed sites on a particular browser that's not your normal browser and is - by definition - outdated. It shouldn't be.

      The quicker Chrome blocks all this shit, and Microsoft Edge and Safari follow, the quicker people will have to fix it to make things work as before.

      Don't let the banks pull the "You must use IE shit" any more. Literally just switch them off and go "We warned you, now you'll need to follow best practice as we've said for decades".

    2. Re:About time... by __aaclcg7560 · · Score: 2

      If you can't determine the meaning of words or phrases within the framework of the context in which they're used you're the one with issues and nobody gives a shit about your arbitrary mere opinion, get it?

      I read and understood what the OP wrote just fine — after I read it two or three times. For someone proclaiming to have a university education, I find it disturbing that person would write like a Millennial speaking out of his ass.

    3. Re:About time... by Waccoon · · Score: 2

      Trouble is, the places that MATTER (i.e. schools which are teaching the children how to use a computer, and banks which are holding your money to ransom if you're anybody) don't give a shit. We're still fighting banks on "but this is more secure" when they make us run closed code in a closed plugin tied into closed sites on a particular browser that's not your normal browser and is - by definition - outdated. It shouldn't be.

      No offense, but the biggest problem I've run into over the last year are web sites that use every damn proprietary feature of Chrome and try to itemize workarounds for every other browser. My problem isn't coming across web sites that still push Flash and Java, it's sites that are largely broken in Firefox and IE/Edge, and totally broken in Pale Moon.

      Now that Chrome and the Blink engine are the most popular web technologies on the planet, I'm finding it hard to find sites that work in any other web browser that uses HTML5, no matter how up-to-date it is. Web developers need to get their heads out of their asses and make things that actually just work, not support only the absolute latest version of Chrome that was just released tomorrow.

      The call for "standards compliance" from the early 2010's isn't fashionable anymore. Nobody gives a shit about HTML5 -- it's stupid, broken, non-standard DOM all the way down.

  3. Re:Thanks, Donald! by __aaclcg7560 · · Score: 2, Funny

    Society is once again better off thanks to Trump! This would never have happened under Clinton's watch.

    Never mind that neither of them are president.

  4. Re:What? No flash photography? by acroyear · · Score: 3, Funny

    raise your ISO.

    --
    "But remember, most lynch mobs aren't this nice." (H.Simpson)
    -- Joe
  5. Re:If only by Anonymous Coward · · Score: 2, Funny

    Good citizen, your Google tracking software is working!

  6. Re:Great by Motherfucking+Shit · · Score: 2

    a) there are still hundreds of sites out there that use Flash and have no way to change this easily (homestarrunner.com, for example)

    Yeah, this sucks. Most weather radar sites (including a lot of NOAA products) require Flash. It's getting a little better, but very slowly.

    b) there are things that you can't even DO with HTML5, but are readily available in flash. Notably, filesystem access.

    Thank goodness for that. A widget in a web browser has no business autonomously accessing my filesystem. If I want to intentionally upload or download a file, every browser can do that without a plugin.

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  7. Re:Too many websites use Flash by fustakrakich · · Score: 2

    It's too bad Adobe can't write secure software.

    Sure they can. It's just not worth the expense. Besides, the OS is just as much to blame. If it ran in read only memory, this wouldn't be such a big issue.

    --
    “He’s not deformed, he’s just drunk!”
  8. Re:So does it still let you "always click to flash by Talla · · Score: 4, Informative

    Also: where's the "click to run HTML5 video", please?

    Even more importantly, where's the click to start downloading HTML5 video? Most HTML5 video can be stopped from playing automatically but it will still start downloading, and drain the quota on a metered connection in no time.

  9. Doesn't seem to work by MikeDataLink · · Score: 2

    I have Chrome 55 installed, but flash is still working in all the tests I do without prompting me. Even going to isflashinstalled.com works.

    --
    Mike @ The Geek Pub. Let's Make Stuff!
  10. Re:Great by Dutch+Gun · · Score: 2

    Yes, flash is a piece of turd. But it is a WORKING piece of turd, and HTML5 won't change that.

    Unfortunately, it's also a DANGEROUS turd. I understand that many sites will continue to require Flash in the near future. These will continue to work, just with an extra click. We're not talking about the complete elimination of Flash here. But it should be treated as the dangerous malware vector that it is, and only activate when someone really wants to activate it. I agree that functionality-wise, Flash has a lot going for it. But it's just not worth the price we paid (and continue to pay) security-wise.

    Adobe had Flash, Microsoft had ActiveX, and Java had its plugin. All three were major security disasters, and we're still feeling the negative effects of all of them even today. I welcome anything that sweeps those technologies toward the dustbin of internet history.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  11. Re:Thanks, Donald! by __aaclcg7560 · · Score: 2

    Believe it or not, they're now grooming Chelsea to be the next political Clinton operative.

    If she's follows her mother's footsteps by running for Senate, serving time as a Senator (her mother served for eight years), and then running for president, I don't have problem with that. I just don't see her running for president in 2020 or 2024 with the Clinton baggage train following her. Undoubtedly, one of the Bush kids will have to run against her.

  12. Re:hw accelerated video by knorthern+knight · · Score: 2

    > On top of that you get auto video downloading and that wonderful audio
    > API you can't turn off and is mainly used to fingerprint your browser.

    A Pale Moon user here. My about:config includes...

    media.audio_data.enabled; false
    media.autoplay.allowscripted; false
    media.autoplay.enabled; false

    No problem.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user