Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.
Google's decision follows a move among many tech companies to avoid the persistent security risks posed by Flash Player in favor of HTML5. Facebook abandoned Flash in videos such as in Facebook News Feed and on Facebook Pages in December 20015, switching instead to HTML5. However, the social media company continues to use Flash for Facebook games. Amazon announced in July 2015 it would replace Adobe Flash and Microsoft Silverlight with HTML5. YouTube switched to HTML5 as its default video player from Flash in January 2015.
Netflix, which previously used Microsoft Silverlight instead of Flash until 2013, switched from Silverlight to a HTML5-based video player.
“If a site offers an HTML5 experience, this change will make that the primary experience. We will continue to ship Flash Player with Chrome, and if a site truly requires Flash, a prompt will appear at the top of the page when the user first visits that site, giving them the option of allowing it to run for that site,” wrote Anthony LaForge, a technical program manager at Google heading Chrome development.
Researchers report an increasing use of Flash vulnerabilities, such as through serving malware on infected websites or incorporating vulnerabilities into exploit kits. Flash exploits increased by 200% in 2015, according to Bromium Labs' 2015 Threat Report.
Chrome will grant a one-year extension to the top 10 websites that use Flash to “reduce the initial user impact,” based on Chrome's internal metrics. These exemptions include YouTube.com, Facebook.com, Yahoo.com, VK.com, Live.com, Yandex.ru, OK.ru, Twitch.tv, Amazon.com, and Mail.ru.
Last week, Adobe patched the latest critical vulnerability affecting Flash in Windows, Mac OS X, Linux and ChromeOS.