Gone In A Flash: Browsers Pull Proprietary Plugins
It’s hard to imagine dial-up internet in the 1990s without the joys of colorful animation and thousands of ‘miniclip’ games served up by the Adobe® Flash® Player plugin.
External plugins create opportunities for vulnerabilities that are out of the control of browser developers. Only last year, Mozilla temporarily blocked Flash outright in Firefox to protect its users from a security issue with the plugin. Dropping the plugin avoids this avenue of vulnerabilities issues altogether.
Between scrolling, scrolling… and scrolling through endlessly long Geocities pages, it was an ideal platform for timewasting prior to social media, in an era of widespread high latency internet connectivity. With the advent of MySpace and streaming video it also became the default for playing video content on the web.
Yet Flash, and other proprietary plugins such as rival Microsoft® Silverlight® and Oracle® Java applets, were built in an age of restricted HTML upon the cross-browser NPAPI API, a 1990’s relic first introduced in Netscape Navigator. Adding functionality on top of browsers rather than developing functionality natively has left users increasingly vulnerable to web-based attacks from cyber hackers.
Just last month, Google security researchers pointed Adobe to major security flaws that could allow hackers to remotely control Windows OS computers.
Switching The Lights Off
All major browsers have committed to phasing out proprietary plugins, switching to the HTML5 standard for native video playback as default.
Silverlight is already well on its way out, Oracle has announced that the Java plugin will be depreciated from the next release, but the historic prevalence of Flash across the web means that discontinuing its support is a different matter making it a slow and difficult goal to navigate. However, the time now seems unanimously ripe with Google, Mozilla, Apple and Microsoft all committed to side-lining Flash beginning with restrictions on loading its content.
To make sense of these changes, below is a comparison of how popular browsers are phasing-out legacy plugins as well as which DRM system each natively supports. You may also want to view our ‘5 Reasons HTML5 Has Finished Flash’ article.
End consumers using older versions of browsers listed above where HTML5 and EMEs are not implemented will be able to use Flash and Silverlight as regular for video playback.State of browser playback behavior (as of September 2016)
|By default Chrome pauses certain content with click-to-activate prompts December 2016: In Chrome 55 HTML5 will be the overall default, with click-to-activate prompts for sites only supporting Flash (Chrome supports Flash via PPAPI)
|Silverlight is not supported (Chrome 45 fully dropped NPAPI support)
|HTML5/EME via Google Widevine CDM
|By default content ‘not essential’ to the user experience is paused with click-to-activate prompts Early 2017: By default click-to-activate prompts will be displayed before activating any content
|By default certain content requires click-to-activate Early 2017: By default click-to-activate prompts displayed before activating any content March 2017: Silverlight support will be dropped
|HTML5/EME via Google Widevine CDM & Adobe Primetime CDM
|By default Safari 10 (expected Q4 2016) will behave as though plug-ins on Macs are not installed with click-to-activate prompts across all sites
|HTML5/EME via Apple FairPlay Streaming CDM
|By default content ‘not central’ to pages will auto-pause with click-to-activate prompts (example: videos will still load)
|Silverlight is not supported
|HTML5/EME via Microsoft PlayReady CDM
Internet Explorer® (Lifecycle info)
|HTML5/EME via Microsoft PlayReady CDM (IE11 on Win 8.1+ only)
After Flash, Who’s Next? How Does HTML5 Stack Up?
You can also find out more on why HTML5 is is causing many to finish to Adobe Flash in our ‘5 Reasons HTML5 Has Finished Flash’ article.
Follow us on Twitter to ensure you don’t miss more information on this topic.