Chrome 76 Blocks Adobe Flash Player Support
Google has launched the latest iteration of the Chrome browser for Windows, Mac and Linux, which blocks Adobe Flash Player default support and comes with 43 security fixes. Plans to deprecate Adobe Flash in Chrome have been going on for years, Chrome 76 takes an official, first step in turning off Flash Player by default. Users can still manually turn it on in their settings. It is part of Google's road map, which has a goal of killing off Adobe Flash support in December 2020.
Google isn't the only company pulling the plug on Flash support since Adobe's announcement in July 2017 that it will no longer update or distribute Flash Player as of the end of 2020. Flash is known to be a favorite target for hackers, particularly for exploit kits, zero-day attacks and phishing schemes. The end of life announcement caused browsers to turn off Flash Player default support. Mozilla also announced it will kill default support for Adobe Flash in Firefox 69, which will be released in September. Microsoft will disable Flash by default in Microsoft Edge and Internet Explorer in mid-to-late 2019, and would fully remove Flash from all Windows versions in 2020.
Google's Chrome 76 has also fixes a recently discovered way that websites can detect if users are using Incognito Mode, a feature that is supposed to make browsing history, sessions and cookies private from others. It was disclosed in June that the mode has been detectable by websites for some time due to a FileSystem API implementation, according to Google Chrome developer Paul Irish. He said that this meant that websites with paywalls could detect if a user was using Incognito Mode to bypass the paywall. In response, Google implemented the FileSystem API in a different way in Chrome 76, fixing the issue.
Chrome 76 also implements 43 other security fixes. The most serious of the vulnerabilities is a high-severity use-after-free vulnerability, CVE-2019-5850, in the offline page-fetcher feature of the browser. There is very little detail abot the flaw which was reported by external researcher Brendon Tiszka as part of Google's bug-bounty program.