Adobe’s Flash player continues to struggle with security. As noted by ZDNet, the company recently disclosed 52 new vulnerabilities that could lead to remote code execution and includes memory corruption, heap buffer overflows and use-after-free issues.
While a security update was quickly issued to resolve these concerns, the constant break-fix cycle has led some companies — Google and Twitch, for example — to speed their HTML5 update timelines and phase out Adobe’s offering. What does a web experience low on Flash really mean for the future of online security?
Flash in the Pan
According to Google’s official Chrome blog, the time has come to “de-emphasize Flash in favor of HTML5.” While the company acknowledges the “pivotal role” of Adobe’s offering in the evolution of web-based video, gaming and animation, there’s a problem: More than 90 percent of this Flash-based content now loads behind the scenes, not only slowing down the end-user browsing experience, but also increasing the risk of security breaches.
With the release of Chrome 53 this September, the search giant won’t simply ask users if they prefer Flash or HTML5, but will actively block Flash from running unless sites only support the Adobe player. As noted by Ars Technica, the new Firefox 48 release “almost exactly mirrors” the Chrome update. According to TechCrunch, video-streaming site Twitch is also rolling out a beta HTML5 update to replace Flash for its subscribers.
HTML5 Update Improves Speed and Security
So what’s the big benefit for users as companies make the switch from Flash to HTML5? Google said the new technology means reduced power consumption and faster load times, while Twitch users should see fewer frame drops and less CPU load.
Of course, HTML isn’t without its own issues. As noted by Softpedia, HTML5 ads aren’t always safer than their Flash counterparts. This begs the question: Will the move to HTML5 really mean better security for end users or just another set of personal browser problems?
According to ComputerWeekly, there are distinct advantages to choosing the new HTML standard over Flash. First is the rapid uptake of Flash, especially for video players, which led to a massive uptick in vulnerabilities. Coupled with the proprietary nature of Adobe’s code, it became difficult for companies, most famously Apple, to justify the use of this program in their operating systems.
HTML5, by contrast, is an open-source development that leverages JavaScript to perform almost all of its most complex web tasks. The result: Behind-the-scenes loading — where many vulnerabilities flourish — virtually disappears, while developers get more control over how HTML5 deploys in web browsers, displays content and defends against attacks.
HTML5 isn’t perfect, but Flash simply can’t complete. Google’s new stance shouldn’t come as a surprise. It is a significant step toward a less Flashy, more secure web browsing experience.