Summary: I was doubtful that Microsoft execs would have anything to say about Google's introduction this week of a plug-in that allows users to run the Google Chrome browser inside Internet Explorer. But I was wrong.


A day after I asked Microsoft execs for their take on Chrome Frame -- which Google is promoting as a way to bring more advanced features (like HTML 5) to IE 6, 7, and 8 users -- Microsoft responded. A spokesperson sent me the following statement:

"With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers. Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take. For a deeper look at how the browsers stack up in security, take a look at the latest phishing and malware data from NSS Labs."

Do you think Microsoft execs have a valid point here or are grasping at straws to try to thwart anything with a Google label on it?

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

  • Concerning Chrome running inside IE..

    Yea I think they do, sort of. Correct me if I'm wrong but in Vista and beyond that plugin is still running inside the sandbox (provided IE protected mode is left on) so it shouldn't cause that much more of an attack vector. The only vulnerabilities it leaves are what's open in Chrome and how the plugin actually functions (which wouldn't be maintained by MS so that's why they are probably saying this).

    In the case of running it in IE6 on XP - I think it introduces security vulnerabilities that would be inherent in Chrome (and have it steal your privacy) but I think they are just trying to deflect in some way by pulling the security card.

    I personally wouldn't do it - but then again, no Google application gets installed on my PC so :)
    • No one will install it

      Wonder why M$ even bothered to respond.
      • Re: No one will install it

        One M$ exec was heard to comment "Installing Google Chrome in IE is as much a security threat as installing Windows itself!".
      • Already have

        Being tied in to IE6 by IT desktop support in larger organisations, developers are pinned back in the stone age. This gives developers a way to circumvent their laziness and get to develop 21st century solutions.

        All the websites I work on will be tagged for Chrome Frame use.
        • All your websites are gonna have google tags?

          So much for standards... Tailoring web sites to target specific browsers is the exact opposite of what the w3c stands for.

          Make the code conform to standards and let the browser developers tailor to standards.
          • So much for standards... Tailoring web sites to target specific browsers

            But that is not what he is doing, there are two groups of browsers in the standards world. IE, and everyone else.

            In this case putting cf: in front of your URL moves you into the everyone else camp. i.e. you have gone from using a non-compliant browser to a compliant one, not the other way around as you suggest.
        • Nice, but...

          If users aren't given the rights to upgrade their browsers, most won't have permissions to install plug-ins... they certainly haven't been able to in any of the large corporates that I have produced websites for!

          It's a brick wall, that unfortunately is insurmountable by anyone but the companies themselves.

          Whilst I praise Google for taking the initiative, a concerted effort needs to be made in all aspects of development, distribution, installment and use, if we're ever to be rid of antiquated, non-compliant browsers like IE6.
    • Why bother with IE at all? Just run Chrome...

      The world really needs to move away from the stupidity of Microsoft-only browser extensions. If there are web developers still using that crap, they should be taken out and beaten soundly. The web, above all other places, SHOULD be a completely international standards-based environment. The only way we can move quickly into the future is by ensuring this is the case.

      I'm sick of reading about how many people who are still using IE 6. Aren't there enough of us technologically-oriented folks that we can band together and weed out those few laggards and force them into the 21st century? Educate bosses, family, and friends about the benefits of 21st century standards-based browsers people. Let's kill off the IE-only crap once and for all, so all of our lives are easier.
      • Why bother with IE at all?

        Correct! But don't run Chrome! Then you just trade out one evil corporation's browser for another, maybe even more evil corporation's browser. Run Firefox, a non profit's browser whose only purpose is to make the Web better.

        Do good while you browse, not evil!
        • Umm

          Umm, you're kidding, right? Do good while we browse? Ya want to explain that?
        • Well SAID!

          Nice Comment!
        • Run Firefox, a non profit's browser

          Ummmmm you do realize who funds Firefox right??? Here's a hint....it's the "even more evil corporation".
        • One should run FireFox

          Of course. I mean it. Every bit of code ever produced by hobbyists always worked better for me than a professional whose job rested on how well he or she could code. Was that sarcastic enough for ya?
      • Yea I wouldn't be caught dead running Chrome...

        even if the Linux version was complete. I'll take Firefox - hell even Opera over Chrome. I like my privacy thanks.
        • Privacy? That Doesn't Exist Anymore.

          Did you know that your ISP knows more about you than Google?

          Did you know that Microsoft knows more about you than Google and your ISP?

          How? Well, if you go on the internet and never visit a Google site, your ISP still knows all the sites you've gone to.

          If you turn on your computer and not even go on the internet, Microsoft still knows what files and programs you have. How do you think your updates are pushed to you?

          ISPs want to implement Deep Packet inspection so they can read/look at your information as it is being transmitted.

          Your Cable/Fios company knows what shows you watch. Satellite also knows unless your boxes are not hooked up to a phone line.

          When you use your cell phones all your calls are logged somewhere by your wireless company. Your location and where you have been can be traced by cell tower triangulation. That's logged by your cell phone company.

          Game consoles are now computers that are tracked just like computers.

          DVD and Blu-ray players are connected to the internet.

          Anytime you use your credit card, it's logged somewhere.

          There are refrigerators that transmit that milk is about to go bad. Your ISP will know that.

          Your IP address is logged on every website you go to.

          And let's not even talk about Facebook! There are over 300 million people who have willingly given up all kinds of very personal information on the web for anyone to try and steal. Why? I don't have the slightest idea.

          All communication services, be them email, IM, VOIP, Text Messages, etc.

          Pictures have GPS coordinates to show where they were taken.

          So you see, talking about Google invading privacy and being the bad guy is pointless and biased, because everyone does it.

          You had to sign up just to post here.

          I don't sweat it anymore.

          The best thing to do is to behave good and don't do stupid things.

          Remember, there is no way around it anymore.

          Accept it and learn to live with it.
          • Umm

            I doubt that MS or your ISP know as much about you in comparison to Google, just read the T and C's.
          • Wow... Not New info - but well said!

            It's good to think about it in these terms once in awhile - thanx for the great post!
        • Don't knock the unknown. Chrome works fast & private!

          You'd never be caught dead if you did use Chrome. I don't know who gave you the mistaken notion that Chrome was unsafe or underperforming, but chrome is a solid browser built as an open-source project. I have been using dev channel builds of chrome 4. These are pre-beta, yet they are more stable than ie8. One intuitive feature is that tabs run as separate processes, so bugs don't affect the stability of other tabs. I've had problems with both firefox and opera freezing up because of a bug in scripts, and although firefox 4.0 is supposed to adopt chrome's approach, who knows when that will be available. Also, chrome was the first to initiate private browsing windows. IE8 is just private because it takes so long for IE's rendering to load.
      • Oh My god a zealot?

        What do you care if someone is using old stuff or new? That hardly makes them lame... Often the older stuff is more stable and tried and true. Blanket statements about "crap" and "beatings" are over the top.

        Whose lives get easier? Yours? Your recommendation to run Chrome is what you'd tell your friends and family?

        I wouldn't for one reason: I won't let ANY advertising company run binaries on my machines, period! I love the google search engine but toolbars, frames and even their "google apps" I'm very cautious about.

        To me, THAT is a security risk.
      • just install and run chrome itself

        yes, you're right, and if you right, you are
        right... we downloaded and installed the darn
        thing 3 times to check it out, we got fed up with
        it and installed chrome itself...finally.