Google's Chrome web browser could be disabling all Flash content by default before the year's out.

El Reg has learned that developers with the Chromium Project are working on a new feature known as 'HTML5 by Default'.

The move could help to keep users safe by locking off a favorite target for web-based malware exploits.

As its name suggests, the feature would set Chrome to run the HTML5 version of web pages by default. If not available, the browser would then check for Flash content and ask the user to manually approve it before loading.

This would, in effect, seal off Flash content from the user unless absolutely necessary, though Chromium developers do note that they plan to exempt the top 10 domains that use Flash for one year in order to reduce impact of the blockade.

"While Flash historically has been critical for rich media on the web, today in many cases HTML5 provides a more integrated media experience with faster load times and lower power consumption," the Chromium developers explain.

"This change reflects the maturity of HTML5 and its ability to deliver an excellent user experience. We will continue to work closely with Adobe and other browser vendors to keep moving the web platform forward, in particular paying close attention to web gaming."

The developers hope to have the feature running in Chrome by the fourth quarter of this year.

Minimizing or blocking Flash outright is an increasingly popular recommendation due to the prevalance of high-risk security vulnerabilities in the browser plug-in that can be automatically exploited by embedded content in web pages.

Though Google and Microsoft have begun automatically installing Flash security updates in their browsers, zero-day flaws would still pose a threat. ®