Google this week said it would stop accepting display ads built in Adobe Flash starting on Jun. 30, 2016, with plans to completely remove them from its platforms by Jan. 2, 2017.
As of Jun. 30, advertisers will no longer be able to upload display ads built in Flash on Google’s AdWords and DoubleClick Digital Marketing platforms, and the Internet giant says it will stop display such ads at the beginning of next year. To ensure that their ads can still run on these platforms, advertisers are advised to update them to HTML5.
Google’s announcement comes almost half a year after Amazon stopped accepting Flash ads on its online shopping website. At the time, Amazon said that the move, which went into effect on Sept. 1, 2015, was prompted by browser setting in Chrome, Firefox, and Safari, which were meant to limit Flash content displayed on web pages.
The Flash plugin has been long considered a security menace, and experts have often advised both users and developers to move away from the insecure software. Adobe, on the other hand, is working hard on patching vulnerabilities in the popular plugin, and has partnered with researchers and organizations to find and resolve bugs in it.
The large number of security flaws in Flash, however, represents an attractive attack surface for cybercriminals, especially for those behind exploit kits, which often include newly patched vulnerabilities in their malicious programs. In fact, a November report from Recorded Future revealed that eight of the top ten vulnerabilities used by exploit kits in 2015 leveraged flaws in Flash Player.
While Adobe does not seem ready to let the plugin go just yet, other companies are not as keen on keeping insecure software alive. In January, Oracle announced plans to kill the Java browser plugin, a decision triggered by browsers such as Chrome , Firefox, and Edge phasing out support for NPAPI (Netscape Plugin Application Programming Interface).
Google did not cite security concerns as the main trigger for shutting down support for ads built in Flash, but instead says that it is going all in with HTML5, and that the move would help advertisers reach the widest possible audience across screens. In a post on Google+, the company also notes that the transition should result in an enhanced browsing experience for more people on more devices.