• Home »
• Self-Help Resources »
• Plugins

Plugins

Legacy web browser addons

 

PDF | Flash | Java | QuickTime | RealPlayer
Plugin Vulnerabilities

All trademarks, company names or logos are the property of their respective owners.
I no longer develop this legacy resource.

Plugins: Vulnerable Legacy Applications

Plugins are legacy applications that were once required for browsers to view and hear multimedia content on the Web.

“Helper” Applications

Unlike extensions, which are installed in your browser, plugins provided support and access to external "helper" applications installed on your computer.

Plugins provided animation via Flash or Shockwave and PDF support via Adobe Reader.

Too Many Vulnerabilities

Unfortunately, plugins have extensive vulnerabilities which can affect the computers where they are installed.

Mobile Devices Unsupported

Plugins are not supported on mobile devices.

As mobile devices became more popular and people began to use them for accessing the Internet, the fact that plugins were unsupported by browsers on mobile devices became a problem.

It turns out that people on mobile devices wanted the same multimedia experience that was available on computers.

Their Reign Has Ended

Between the problems with vulnerabilities and the emergence of mobile access to the Internet, the days of plugin dominance were numbered.

Work began to replace plugins and develop technologies that would work on both with mobile and regular computers. That technologies was released with HTML5 (the fifth version of the HTML standard).

Plugins have since either disappeared or are on life support. Their reign has ended.

Return to top

The Technology Has Changed

Modern browsers can natively display and play that content without plugins.

Plugins have been replaced with native web technologies included with HTML5 that can safely and natively provide the functions within modern browsers, including on mobile devices.

Uninstall Plugins

I recommend that you uninstall these vulnerable plugins:

• Adobe Reader.
• Flash.
• Shockwave Player.
• Java.
• QuickTime for Windows.
• RealPlayer.

HTML5 technologies are universally supported in modern browsers.

Open Standards Safer and Accessible

Open standards are faster and safer than proprietary plugin technologies.

[A]s open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web.
— Adobe

Online Gaming Sites

Online gaming sites have moved to HTML5 and now support mobile devices:

Java and Flash are two technologies that have powered Pogo games for many years, but they're no longer supported by most web browsers. Because of this, we're retiring Flash-based games from Pogo.

 

We're continuing to update our most popular games to HTML5. We've improved graphics, performance, and accessibility whether you're using your computer, tablet, or smartphone.
— Pogo.com

Return to top

PDF Readers

PDF is a format invented by Adobe that allows files to be viewed anywhere with the proper fonts regardless of the software it was created with.

Traditionally, Adobe Reader provided access to online PDFs using a plugin.

Browsers Natively Display PDF Documents

Most modern browsers can now display PDF documents natively without plugins.

Microsoft Edge is set as the default Windows 10 viewer for PDFs, but you can change that:

1. Click on Start ⇒ Settings ⇒ Apps ⇒ Default apps
2. Scroll down and click on choose default applications by file type.
3. Wait for the options to load, then scroll down to .PDF and change the default option there.

Interactive Features

Current versions of Firefox, Microsoft Edge and Google Chrome also allow you to fill in interactive PDF forms before you save or print them.

If your browser doesn't natively support the features you need, open the document in an external PDF viewer.

Dedicated PDF Readers

Even though browsers have built-in capabilities, dedicated PDF readers like Adobe Reader or other PDF readers usually have more features than your browser can provide.

Professional Software

Professional PDF software like Adobe Acrobat, Able2Extract Pro or Nitro Pro add comprehensive editing capabilities.

Adobe Reader

Adobe Reader has been flagged as a security vulnerability.

• Many computers have obsolete (unsafe) versions installed.
• Any version of Adobe Reader, Adobe Acrobat or any PDF software prior to the most recent version should be updated or uninstalled.

 

Return to top

Adobe Flash Player

Adobe Flash Player reached its end-of-life on December 31, 2020 and is no longer supported. You should uninstall Flash Player.

Flash content has been replaced with native HTML5 technology.

Uninstalling Flash

Flash Player may remain on your system unless you uninstall it. Uninstalling Flash Player will help secure your system since Adobe will not issue Flash Player updates or security patches after the EOL Date.
— Adobe

• KB4577586 uninstalls Flash Player for Windows 10.
• Uninstall Flash Player for Windows.
• Uninstall Flash Player for Mac OS.

 

Return to top

Shockwave Player

Shockwave Player reached its end-of-life on April 9, 2019 and is no longer supported. You should uninstall Shockwave Player.

 

Return to top

Java

Java plugins are now either unsupported or blocked by most browsers. You should uninstall Java.

License Changed

Java is free for personal use but most browsers ended support with Java SE 8.

Java Vulnerable

It has been known for some time that Java makes your computer vulnerable.

• Most sites and applications have moved to native HTML5 technology.
• Using legacy browsers in order to enable Java puts your computer at risk.

Java Usually Unnecessary

Java no longer runs in modern browsers and is no longer necessary for most people. Remove Java if you don't need it (most people don't).

By uninstalling Java you can determine if you need it. If you find you require Java, it can be quickly reinstalled.

• How to uninstall Java

Update Regularly

If installed, be sure to frequently update Java.

Out-of-date versions of Java on your computer may present a serious security risk.
— Java.com

Ensure you remove older versions (you may need to manually remove these).

Learn more about Java.

Download/Test Your Installation

Download Java | What is Java? | Troubleshooting Tips

 

Return to top

QuickTime

Uninstall QuickTime for Windows

QuickTime 7 for Windows is no longer supported by Apple and contains dangerous vulnerabilities. It should be uninstalled.

New versions of Windows since 2009 have included support for the key media formats, such as H.264 and AAC, that QuickTime 7 enabled. All current Windows web browsers support video without the need for browser plug-ins.
— Apple Support

QuickTime for Mac

QuickTime is supported for macOS and iOS. Update to the latest version or uninstall it (saving your QuickTime Pro registration key before uninstalling).

VLC for Offline Multimedia

VLC Player is strongly recommended for playing offline multimedia content.

Return to top

RealPlayer

Uninstall RealPlayer

You should uninstall RealPlayer.

• RealPlayer plugin has been flagged as unsafe by Firefox and Chrome.
• RealPlayer has a shady history of spyware and nag screens.

In the 1990s, RealPlayer was a fundamentally ambitious piece of software. It set the groundwork for how we would come to consume media, and in many respects, we owe it a massive debt of gratitude. But it was also a fundamentally flawed piece of software, whose execution didn't quite do its lofty goals justice.

 

20 years later, little has changed. The ambition behind RealPlayer is still there, but this time round, it feels much less focused. Rather than do one thing badly, RealPlayer does many things badly.— Make Use Of

VLC for Offline Multimedia

VLC Player is strongly recommended for playing offline multimedia content.

Return to top

Plugin Vulnerabilities

Out-of-date or misappropriated plugins leave you vulnerable and can make your browser unstable.

Users who rarely update their software and use insufficient security software have virtually no chance when faced with specially prepared malware.
— AV-TEST

Plugins are blocked by modern browsers.

Adobe Reader, Flash & Java

Adobe Reader, Adobe Flash and Java have long been known to be vulnerable to exploits which makes our computers insecure.

Adobe Reader, Adobe Flash and Java are together responsible for two thirds of the vulnerabilities in Windows systems exploited by malware.
— AV-TEST

Mac & Linux User Now Insecure

Mac and Linux, once thought to be immune, are now vulnerable to malware and software exploits.

• Macs no longer safe from security threats.

Update Frequently

Check frequently for updates to plugins installed on your system.

Remove Obsolete Plugins

Remove obsolete or unused plugins unsupported by current browsers.

Unless you have special circumstances (e.g., historical research on plugins or a demonstrated need for Java) that advice should be followed by everyone.

HTML5 Safer

Plugins have security issues. HTML5 technologies are safer and built into current and future browsers.

Unsafe Plugins Disabled By Default

Current versions of browsers like Firefox and Chrome disable unsafe plugins like Java.

Modern browsers can natively display PDFs. Plugins are unnecessary.

NPAPI Plugins Deprecated

NPAPI-based plugins have disappeared. They are either unsupported or blocked by most browsers.

Many traditional plugins are no longer available and should be uninstalled.

 

Related Resources

On this site:

• Resources index
• Browser extensions
• HTML5 technologies
• Web browsers
• Safer browsing
• Web security
• Java
• Malware
• Web browser weaknesses

Found this resource useful?