Once upon a time, Adobe’s Flash Player was the most popular browser plug-in on the internet, used for games, animation — including the most annoying ads — as well as entire websites. But over the years, Flash became known as one of the biggest security risks. So much so that in 2017, Microsoft changed its Edge browser so that most Flash content would be click-to-run, meaning a user would have to give permission for Flash to run and then see the previously disabled content. Next year, Adobe will officially end support for Flash.

Last week, news reports revealed that Microsoft had allowed 58 websites to run Flash without user permission in a process called whitelisting. Researchers at Google discovered that several of these whitelisted sites contained bugs that could make it easy for hackers to inject malware into the Flash plug-in. Google reported the bug to Microsoft, and the Patch Tuesday update last week pared the approved sites down to just two: www.facebook.com and apps.facebook.com.

In addition to Facebook, risks remain. While modern websites use HTML5 in place of Adobe Flash, you may still run across sites that ask you to enable the Flash Player. Should you click allow? No. And I’d recommend that you take your security measures a step further and disable Flash altogether across the browsers you use.

How to disable Adobe Flash

When you disable Flash completely, you will no longer see the pop-ups asking you to allow Flash to run. Instead, if you load a page that requires Flash, it will be blank or the parts that use Flash will be empty — a few less ads, perhaps. Here’s how to fully disable the plug-in for the major browsers. The exceptions are Google Chrome and Firefox, which do not offer a way to wipe out Flash. However, the browser will remove all support for Flash by December 2020.

Chrome

While Chrome once included an option to disable browser plug-ins entirely, the latest versions do not. To get the most protection, navigate to “Settings” using the three-dot icon in the upper right of your screen. From “Settings,” open the left panel to see “Advanced” options. Click on “Privacy” and then “Content” to find Flash controls. Turn on “Ask First.”

Take it a step further by specifying specific websites to block entirely. You’ll do this once you’re on the website where you want to block Flash. Click on the padlock icon on the far left of the address bar. Click “Site Settings,” then scroll to the Flash area. Choose “Block.” You’ll have to reload the now-blocked website.

Internet Explorer

Click the gear icon to open the “Settings” tab, then go to “Manage Add-ons, Toolbars and Extensions,” and then “Shockwave Flash Object.” Right click “Shockwave Flash Object” and select “More Information.” In this window, click the “Disable” button located at the bottom-right of the window.

Edge

To disable Flash completely, navigate to “Settings,” “View Advanced Settings” and then turn the “Use Adobe Flash” option to off.

Safari

Open “Preferences” and click the “Security” tab, then “Manage Website Settings” next to the “Internet plug-ins” option. In this new menu, select Adobe Flash Player from the list of plug-ins, then set the “When visiting other websites” option to “Block.” Click the “Done” button to save and close.

Firefox

You won’t find global Flash controls in Firefox. Instead, you’ll have to disable Flash on a site-by-site basis. When you visit a website that runs Flash, you will see a permissions box. Click on “Don’t Allow” and be sure to check the box “Remember this decision.”

If you’re running the most recently updated versions of any of the above browsers, you shouldn’t have to manually install an Adobe Flash update because your browser does it automatically. If you receive a pop-up message to download and update Flash, it’s fake and possibly harmful to your computer. The good news is that disabling Adobe Flash will close these security gaps and prevent those fake prompts from showing up in the first place. However, if you have recently installed a fake update, run your security software to remove any malware.