Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

The Move to Plugin-Free Browsers

February 22, 2013 - 2 min read
Apple was the first major player to offer a browser with no plugins with Safari for iOS. Even the very popular Flash plugin cannot run in the browser. However, no vendor, including Apple, has had such restrictions on their desktop products.

Microsoft has now also gone plugin-free with Internet Explorer 10 Metro. This version of Internet Explorer does not support plugins (except for the embedded Flash plugin, which is allowed on a few explicitly permitted sites only). See "Get Ready for plugin-free browsing" for additional details.

Chrome and Firefox are also moving in the direction of plugin-free browsers too. The first step is Click to Play, which enables plugins only after an interaction from the user, not by default. With the release of Firefox 19, Mozilla has removed the need to leverage the Adobe Reader plugin by providing a JavaScript based PDF reader. Firefox is also going to enable Click to Play by default (except for Flash) in the next releases.

Blame the plugin vendors

HTML5 is helping browser vendors to get rid of some plugins, like Flash. For example, the standardization around video and sound means Flash is no longer the only option to play a video on modern browsers.

But the main drive toward plugin-free browsers is security. The latest Java vulnerabilities actively exploited and leveraged in successful attacks against Facebook and Apple, are just the latest flaws exposed in Java, Flash and Adobe Reader plugins.

Because these plugins live outside of the browser, they cannot be updated automatically by the browser vendors. Our State of the Web reports continually show that users are slow to update their plugins, even after well publicized vulnerabilities are found.

Not the end of vulnerable browsers

The end of the plugins does not mean the end of vulnerabilities in browser, just fewer of them. This month Microsoft patched about 11 security flaws. But unlike vulnerabilities in plugins which can be exploited in all browsers, browser vulns are specific to each vendor.
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.