Microsoft says Google Chrome Frame doubles IE attack surface
Summary: Google's decision to introduce a plug-in that runs Google Chrome inside Microsoft's Internet Explorer isn't sitting well with the folks at Redmond.
Google's decision to introduce a plug-in that runs Google Chrome inside Microsoft's Internet Explorer isn't sitting well with the folks at Redmond.
The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome's open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today.
Here's Microsoft's official reaction:
“With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers. Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take. For a deeper look at how the browsers stack up in security, take a look at the latest phishing and malware data from NSS Labs.”
This video from Google explains the decision to release the Chrome Frame:
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Actually, it means that some of the browsing will be much safer by using
are bogus security arguments. They do not even try
to deny that Chrome is much faster and better.
faster but less secure
Actually...
I'm much more worried about being hacked and
having drive-by-downloads on my system, for which
Chrome is much better and remains my browser of
choice
I use Chrome Too - but...
Chrome was NOT written to fill in security holes on IE.
All vunerabilites in Chrome are present and all vulnerabilities in IE are still present. Vulnerabilities are blocked in only a few accidental cases. And due to the accidental nature of the blocking...that blocking can usually be hacked around.
In general computer science and math say that two pieces of software working together in this manner combine their vulnerabilties. Double vulnerablities is likely an exaggeration since there are likely several cases where Chrome and IE have the same vulnerability.
However I suggest you at least read the Chrome security and bug reports as a few months ago several professional groups rated Chrome as less secure than IE even if fixing faster. And Google more or less admitted that but said that Chrome was growing and changing so fast that the window of opportunity was small...with a near future maturity that would shrink that number of vulnerability.
Huh?
renderer rather than IE, why would IE's
vulnerabilities still apply? Unless they are
vulnerabilities in the GUI.
You have remember that it's still IE
Phishing [i]is[/i] FUD, you stop.
by viewing a webpage. In this regard, Chrome is
vastly superior to IE.
Chrome is changing
When Chrome was a very basic browser without lots of extensions and add-ons, it was theoretically more secure.
However, Google wants Chrome to match all those IE features. Due to the large number of features being added in a very short period of time...
Chrome ain't that secure. It merely hasn't been long enough for malware writers to write exploits.
That's weird.
which is a rather tried and true renderer.
And what makes you assume that when they implement
addons they will do it as insecurely as MS have?
Webkit
well as the browser built into the iPhone and iPod Touch. It's comes from
KDE, so in theory it shares a common base with the KHTML browser, too.
It should be pretty rock solid by this point and has a lot of the open
source community pounding on it, just like FireFox. IE was based on
SpyGlass and although MS has worked it through many revisions, IE lacks
the purview of many parties that would improve security and failsafe
mechanisms inherent to Safari, Chrome, KHTML and FireFox.
Microsoft has no friends
friends and families." Wow, powerful statement. When my friends and
family ask for a computer recommendation or computer help, I
certainly don't recommend Windows, Office, or Explorer. And I love
the phrasing of "doubling the area of the attack surface". At least
they're honest in the sublime admission that IE is a horrendously
insecure browser platform, though doubling it's "surface" is like saying
it's hard to miss the side of a barn, versus the side of a "very big"
barn. Wow, have they ever gotten weak under Balmer. If they didn't
make such crappy products since their inception in the 1970s, I'd
almost feel nostalgic about the days when Bill Gates was at the helm.
At least he was a formidable business man, but monkey-boy Steve
Balmer is just a wannabe.
RE: Microsoft says Google Chrome Frame doubles IE attack surface
not Google's fault for making the plug-in. It is Microsoft's fault for letting such a plug-in.
It sound like Microsoft in blaming Google for adding more
options to for Criminals to exploit. Maybe Microsoft
needs to take Google's minimalist approach.
Knowing the Microsoft's history with vulnerable software,
I would rather trust Microsoft.
typical unfounded alegations
perhaps if you read this you would rethink your statement
Don't be silly ...
If you read this
I'm not interested in reports paid for my M$
Just another MS basher
safer they are doing it for the ad revenue. If they make IE less safe it is
just another attack venue in the browser wars. Why do you think there is
no Chrome for the Mac.
Dont know how to search? :)
Google is doing this to make better web apps
Microsoft should be concerned.