The love affair with browser plugins has been on the decline and we’re finally at a point where the average user can do away with them once and for all. Flash had a particularly tough year after Firefox disabled the plugin by default after the Hacking Team breach revealed the existence of new Flash 0days. Facebook’s Security Chief also piled on asking “Adobe to announce an end-of-life date for Flash”
This after Steve Jobs famously refused to include Flash on iOS, claiming that it had been the “number one reason Macs crash” and had “one of the worst security records”. The bashing certainly isn’t unfounded with browser plugins remaining the number one way that Exploit Kit authors target PCs, primarily targeting Java, Flash and PDF vulnerabilities. At least for websites, Flash is on life support, Java died a couple of years ago and PDF plugins are no longer required as browser vendors have baked in native support. Competitors like SilverLight never fully caught on and web apps that would historically have used custom plugins for playing video or screen sharing, have now migrated to HTML5. Not supporting plugins was one things that mobile browsers got right from the get go. In 2016, expect all major browsers to get serious about finally killing off plugin support by default.