POST UPDATED: OCTOBER 16, 2017

Flash is phasing out. Every day fewer websites run with Flash since they have replaced it with HTML5 and other formats. Why? Among other things Flash is VERY insecure. For example, there are a lot of flash ads that right now are being injected with malicious code in order to infect everybody visiting certain sites with those ads. You don’t have to click on anything, you don’t have to download a file, you’ll be infected just by getting there.

Today as basically any other day new Flash vulnerabilities came to light; you can see the full list  https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-6761/Adobe-Flash-Player.html. Vulnerabilities still unpatched (0day) could potentially allow remote access to your computer and data.

If you don’t use flash it’s best to disable it, but if you need it from time to time (certain websites and devices still only use Flash), set your browser to “Ask First” and update to the latest Adobe Flash Player Version https://get.adobe.com/es/flashplayer/.

Disabling Flash in Chrome

The easiest and fastest way to do it is typing on the location bar:

chrome://settings/content

Or if you want the long and click-y version, click on the upper right menu and click on Settings.  

On the window that will appear go to the bottom and click on Advanced. More options will appear including “Content Settings”

Click on that option, it will show the same information that on Figure 1 above.

You’ll see an option for Flash, click on it.

If you want Chrome to ask before running Flash make sure your setup looks like the picture below. This picture shows that Chrome is allowing sites to run Flash but also to ask before running it on a website.

The next time a website is trying to use flash a dialog similar to this will appear:

If you want to completely disable Flash, disable Allow sites to run flash clicking on the blue button, the text now will change to Block sites from running Flash

This window also has the option to block and allow flash per website, either manually or if you selected “Ask First” it will remember your choice of Allow/Block for individual sites.

That’s it!

Disabling Flash in Firefox

Click on the menu symbol on the upper right corner and click on add-ons or on the location bar type about:addons

On the left side menu, click on Plugins  Search for Shockwave Flash or Shockwave for Director (Annoyingly this was the previous name for the Flash plugin).

 Here you can choose  “Ask to Activate“, which in essence would make Firefox to ask to activate Flash in case a site needs it. (See Figure below). Nowadays, this would be rare, since most Flash on the Internet is in ads, not actual content, and even sites who use Flash have an alternate version without it. So you can disable Flash for good, selecting Never Activate. You will see something like this in a web page which only uses Flash.

Final Notes

My personal recommendation is to disable Flash since these vulnerabilities are recurrent.

If you want to know how to disable Flash on Internet Explorer:

https://360techstuff.com/disable-flash-in-internet-explorer-latest-version/

If you want to know how to disable Flash on Microsoft Edge:

https://360techstuff.com/disable-flash-in-microsoft-edge-windows-10/

To improve your security:

• Keep your Operating System, Browsers and Plugins/Add-Ons updated
• Stay away of suspicious websites
• Use an ad blocker like Ublock Origin or Adblock Plus
• Install protection software like Malwarebytes anti Malware and Anti-Exploit

 

I hope this information is useful. Buy me a coffee?