In the early days of the World Wide Web, the first versions of HTML couldn’t deliver fancy content like videos. Text, images, and links were pretty much the limit.
Plug-ins were invented to work around the limitations of early HTML and deliver more interactive content. A plug-in is an additional piece of software that specializes in processing particular types of content. For example, users may download and install a plug-in like Adobe Flash Player to view a web page which contains a video or an interactive game.
How much does a plug-in interface with a browser? Curiously, hardly at all. The plug-in model is a lot like picture-in-a-picture on TV: the browser defines a distinct space on the web page for the plug-in, then steps aside. The plug-in is free to operate inside that space, independent of the browser.
This independence means that a particular plug-in can work across many different browsers. However, that ubiquity also makes plug-ins prime targets for browser security attacks. Your computer is even more vulnerable to security attacks if you’re running plug-ins that aren’t up to date, because out-of-date plug-ins don’t contain the latest security fixes.
The plug-in model we use today is largely the one inherited from the web’s early days. But the web community is now looking at new ways to modernize plug-ins — like clever ways to integrate plug-ins more seamlessly so that their content is searchable, linkable, and can interact with the rest of the web page. More importantly, some browser vendors and plug-in providers now collaborate to protect users from security risks. For example, the Google Chrome and Adobe Flash Player teams have worked together to integrate Flash Player into the browser. Chrome’s auto-update mechanism helps ensure that the Flash Player plug-in is never out-of-date and always receives the latest security fixes and patches.