AfterDawn: Tech news

Microsoft claims privacy, security issues with Chrome Frame

Written by James Delahunty (Google+) @ 24 Sep 2009 20:25 User comments (8)

Microsoft claims privacy, security issues with Chrome Frame Microsoft Corp. has responded to the release of Google's Chrome Frame for Internet Explorer with criticism. The company has argued that the plug-in, which adds support for HTML 5 and speeds up Javascript, could double the security woes of users if installed.
"It's not necessarily that plug-ins aren't or can't be secure, but that running a browser within a browser doubles the potential attack surface in a way that we don't see is particularly helpful," said Amy Bazdukas, Microsoft's general manager for IE.

She claimed that by installing Chrome Frame, Internet Explorer users are essentially breaking the private browsing protections included with IE8. "Chrome Frame breaks the privacy model of IE. Users are not going to be able to use IE's privacy features, something that's not made apparent to users. They're essentially circumvented."

She also responded to Google's claim that IE users are looking for faster Javascript support and HTML 5. "HTML 5 is not a completed standard," she noted. "We're working on it very actively, and we see a lot of promise in it. But it's premature to support it."

Bazdukas also speculated on the the reason for Chrome Frame's release, citing Microsoft's share of the browser market and the release of Google Wave. "Chrome Frame is all about supporting the impending release of Google Wave," she argued. "Google hasn't been able to make an impact on market share with Chrome, and so they've turned to alternate means. Chrome Frame would look to capitalize on the leadership position that we have."

Previous Next  

8 user comments

124.9.2009 21:01

You mean it could Increase the security holes?

Sorry M$, just not possible. I'll stick to Firefox thank you very much.

224.9.2009 21:55

If Chrome Frame uses Chrome's rendering engine then it could increase Internet Explorer's security issues. However, Google has been very on top of Chrome and it's security. They are actively developing and patching it as well.

I'm not sure how IE's "Add-ons" work but I assume that Google could just have Chrome Frame auto-update itself the same way Chrome and Firefox can. If this is true then Microsoft has very little to worry about.

Since Chrome-Frame only activates itself (for now) on sites with a special meta tag I don't see an issue. Someone looking to exploit the plug-in would probably have to circumvent both Chrome and IE's defenses to be successful.

Since Chrome Frame does not require Chrome to be installed I could potentially see this "stealing" some browser marketshare from Firefox and Chrome if it got a push from Google and Microsoft.

Of course, I don't think Microsoft will ever "support" this plug-in due to it's "Google fixes IE" nature.

324.9.2009 23:36

That's one of the most catty responses i think ive heard in a while. Obviously microsoft is the one that needs to worry about market share. At least google's is going up quickly, and not down quickly. No need to support html5 because its not a standard yet? Thats the mentality that loses them market share year after year.

425.9.2009 11:01

jetyi83, yes M$ used Bing to figure that one out. This does mark in history when the suits have started to inflitate Google. They have kept the scum out for a long time. Now many phases of their business shows utter stupidity and lack of care.

For instance they upgraded the 'human challange' where you have a morfed word or characters and you need to guess what it is. These are very difficult and may not be words at all. They do not offer to switch the word or audio the word. I know I have a very high IQ and my kids seam smart. I had to let then play with it for way too long before they got it right. I suspect less than 1% of the humans will pass the test. This is pretty much the gate way to everything.

525.9.2009 11:40

SO if a normal piece of software breaks your OS/browser,ect its somehow thier fault?

625.9.2009 13:14

Originally posted by ZippyDSM:
SO if a normal piece of software breaks your OS/browser,ect its somehow thier fault?
I don't see why Microsoft is freaking out about this. It's still a dev-channel piece of code which means it's not being "pushed" on anyone. Since I develop my own websites I am applauding Google for at least attempting to fix IE6-8 in a way that could help push the web forward by making IE6-8 standards compliant.

Yes, this plug-in has the potential to "keep" people on IE instead of upgrading but it basically turns IE into an IE-skinned Chrome, which I am OK with.

Google is smart enough that they would only actively push this if they knew it was at least decently secure and could be easily updated.

Internet Explorer = Broken piece of trash. It's not web standards compliant (even IE8 isn't very compliant, other than CSS) and the only reason for it's 67% market share is because it's included on every Windows installation.

When your OS takes up 93% of the market (see here) your built-in browser is bound to have a high usage rate. Because of this fact alone it's amazing (and awesome) to see Firefox commanding a 23% market share.

Now if only we could convince corporations to upgrade to Firefox or, at the very least, IE8.

725.9.2009 19:41

Originally posted by Lothros:
You mean it could Increase the security holes?

Sorry M$, just not possible. I'll stick to Firefox thank you very much.
Yup. Firefox owns.

829.9.2009 14:53

I found it interesting that Microsoft makes no notice, it would seem, of the IE plugin in Firefox, letting users run a Firefox framed IE for sites that won't behave with Firefox. Seems it works one way but not the other, eh?

Comments have been disabled for this article.

News archive