Google's Chrome to block Flash this year - except for 10 top websites

Google will soon close one more door on the Flash plugin in Chrome, requiring users to authorize each and every site where they want Flash to load, rather than running it automatically.

googlechromeflash770x322.jpg

Google says if users allows Flash Player to run it will store that preference and refresh the page with Flash Player enabled.

Image: Google

Google has detailed a proposal to make HTML5 the default in Chrome over Adobe's Flash Player.

If all goes to plan, by the fourth quarter of 2016 Chrome will not be using the Flash plugin for the vast majority of the web, and will only make an exception as the default media player for the world's top 10 sites that still rely on Flash.

For the time being, Flash will still be bundled with Chrome, but it will no longer automatically load Flash Player on sites that require it.

​What's really the most popular Web browser?

Most Web browser metrics aren't worth the pixels they're written in, but the US's Digital Analytics Program is based on hard data from real people and the real winner is Google Chrome by a wide margin.

Read More

Instead, users will have to authorize each domain they wish to allow Flash to run on. That preference will be stored in Chrome, so that users don't have to authorize it again when they visit that particular domain in future.

Google outlined the plan in a presentation called 'HTML5 by Default', where it notes that the list of 10 excepted sites will expire after one year.

Presumably after that Chrome will not make any exceptions, meaning users will need to make a conscious choice of selecting each and every site for which they wish to load Flash.

The plan is the latest phase in a long-running effort by Google to move the web away from Flash, which is a constant source of vulnerabilities for desktop users.

Some of the risks from Flash have been reduced by bundling Flash with Chrome, which can force users to update Flash as soon as Adobe releases a patch.

Still, Adobe only last week patched its third zero-day flaw in Flash Player in the past three months, meaning that attackers had found a way to exploit a bug in Flash before Adobe had a patch for it.

Chrome began automatically pausing non-central Flash content on the web last year and Google has been pushing the online ad industry to adopt HTML5 instead of Flash for display ads. Last year it announced plans to go "100 percent HTML5" by January 2, 2017, when it will no longer run Flash display ads on its ad networks.

Adobe has also announced plans to move away from Flash and towards HTML5.

Google notes that in the new HTML5 by Default framework for Chrome, enterprises will have a policy setting for 'Always run Flash content'. Users will also have that option under Content Settings in Chrome.

Read more about Google Chrome