The upside to being a guest user is that you always start with a virgin copy of the operating system. When it comes to blocking Flash, however, this is also a downside. As of Chrome OS version 46 and probably earlier versions too , Google defaults to "Detect and run important plugin content". At one point, I was viewing a single web page and the Chromebook was sluggish.
I killed the Flash process, but it soon came back even though I was still on the same web page. Annoyingly, if you want to block Flash content by default, Guest users on Chrome OS need to change the plugin action to "Let me choose when to run plugin content" every time they logon. I have said this here for years and now it is more true than ever.
For one thing, Chrome does a painless if at times less than perfect job of keeping the Flash Player up to date with bug fixes. The end user is not told or asked, which, in my opinion, is the way it should be. This too, has been true for a long time, and was illustrated recently when a flaw was exploitable in IE and Firefox but not in Chrome. What's new here is the recommendation to use click-to-play as a defensive tactic in Chrome.
Websites that need Flash can still use it, but the end user has to first okay this by clicking on the area of the page devoted to Flash. You can also whitelist some websites. As of Chrome v45, you enable click-to-play with: It is packaged one way for use with Internet Explorer an ActiveX control and another way referred to as the plugin version for use with Firefox and Opera.
Then along came Chrome with its own embedded copy, an idea that Microsoft copied with the desktop edition of Internet Explorer 10 and 11 on Windows 8. Each packaging of the Flash Player is independent, so one of Adobe's Flash tester pages linked to above needs to be run in each installed browser.
For many years the update procedure for Flash was manual, rather than automatic. Now December that things are more automated, the problem is inconsistency. Each Windows browser self-updates Flash using a different mechanism. Internet Explorer, in its never-ending quest to be the worst option, updates Flash one way on Windows 7 and a different way on Windows 8.
The Flash Player has its own, optional, self-update mechanism first introduced in the summer of This same Adobe-provided mechanism is used by Firefox. Chrome has always been the best at this, despite some potholes along the way. It updates Flash along with the browser itself, silently and reasonably quickly. The portable version of Chrome is an exception. When run stand-alone that is, without the PortableApps.
The potholes I referred to above are a reference to Google's use of their component updating system for the Flash player. This software updating scheme is separate and distinct from the updating mechanism used for the rest of the browser. My experience has been that Flash updates via the component system roll out much slower.
Thus, vulnerable Flash software remains installed much longer than it used to. See my October blog on this Chrome browser on Windows fails to update embedded Flash player. It is not clear to me that Google always uses their component mechanism for updating Flash. To see the version of Flash, and all plugins used by Chrome, enter chrome: For full details on just Flash enter chrome: I am a huge fan of the portable edition of Firefox.
As a rule, it picks up the same copy of Flash that a normally installed copy of Firefox does. However, I have run across portable copies of Firefox with their own embedded copy of Flash. Portable Firefox users should update Flash in the same way you would for a normally installed copy of Firefox and then verify each portable instance of Firefox at Adobe's tester page.
One issue with IE 10 and 11 using Windows Update to deliver Flash player updates is that Microsoft normally releases updates once a month. If Flash needs to be updated immediately, Microsoft may be reluctant to break from their schedule. Microsoft puts Windows 8 users at risk with missing Flash update. In fairness, Windows 8 had not been released at the time. Another article on this, one which did a good job putting things in perspective is Adobe confirms Windows 8 users vulnerable to active Flash exploits by Gregg Keizer in Computerworld.
The way this seems to have played out is that Adobe adjusted their release schedule to match that of Microsoft. On the second Tuesday of the month both companies release bug fixes. Of course, that leaves Windows users vulnerable to known flaws in the Flash player longer. Manually un-installing the Flash browser plugins for IE and Firefox It is normally not necessary to manually remove an old version of the Flash Player plugin before installing a new version. Still, I suggest doing so, to verify that the un-install worked before upgrading.
Windows users can un-install Flash from the Control panel list of installed software - look for two versions ActiveX and plugin and remove each. Again, this is, limited, as it does not remove the copies of Flash embedded in other software such as Chrome and the Adobe Reader. PepperFlash August 19, For more, see my blog Explaining the confusion over Flash versions.
Flash in the Adobe Reader and other software Outside of the installed copies of Flash that the Operating System is aware of, and outside of Chrome, Flash is also embedded in other software.
Popular programs that include their own embedded copies of the Flash Player are the Adobe Reader versions 9 and 10 Flash is not included with the Adobe Reader version 8 and Adobe Acrobat. In fact, malicious Flash files have been embedded inside Office documents as part of a phishing attack. I don't know which version of the Flash player is picked up by Office apps. All these copies are not necessarily patched at the same time by Adobe.
More than once the workaround for a vulnerable embedded copy of Flash in Reader and Acrobat has been to rename, move or delete a file. This is true for both Adobe Reader version 9 and X. Here is a brief summary: Adobe Reader and Acrobat 9. It is typically located at C: Delete or move the AuthPlayLib. Remove the library named "libauthplay. Things are changing here. See what Adobe says.
Starting with the Reader and Acrobat 9. Adobe is working on doing the same with Adobe Reader X. Opera on Windows I don't use Opera. According to Adobe it uses the plugin version of Flash that Firefox uses. Flaws in Adobe's warning to update Flash November 11, I wrote the below text in this section many years ago.
Yet, news broke today about updates to the Flash Player being used for years to infect "high value" guests at hotels.