Update: Not long after MIcrosoft talked about Google making IE less secure with its Chrome Frame plug-in, Google came out and contradicted the notion. From eWeek:
“While we encourage users to use a more modern and standards-compliant browser such as Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who don’t, Google Chrome Frame is designed to provide better performance, strong security features and more choice to both developers and users, across all versions of Internet Explorer,” a Google spokesperson said.
The spokesperson added that accessing sites with Chrome Frame brings the Chrome browser’s sandboxing and malware protection features to IE users.
Original Article: This week Google released the Chrome Frame, which is a plug-in for Microsoft’s Internet Explorer that enables the browser to run HTML5, and (probably more importantly to Google) Google Wave.
Google and Microsoft are of course direct competitors in a variety of markets, most notably search, and more recently, web browsers. Google’s Chrome hasn’t been around that long yet (over a year), but it has already made a fair impression on the market. Microsoft still largely dominates this market though, and the company doesn’t appear to be too thrilled with the concept of Google penetrating it right from within, via a plug-in.
Microsoft told Ars Technica that the Google Chrome Frame makes Internet Explorer less safe for users. “With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers,” a Microsoft spokesperson told Ars. “Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.”
Ars notes that Microsoft has a point in that plug-ins can create security issues because they typically remain unpatched longer than the browsers themselves, but the company is probably off the mark with regards to Google’s Chrome Frame in particular.
“As for IE + Google Chrome Frame potentially allowing for double the damage because the browser mutant would be open to a wider range of attacks, we’re going to have to call foul,” says
Ars Technica’s Emil Protalinski. “Somehow we doubt there is a significant amount of malware specifically targeting Chrome, and for whatever exists, we’re pretty sure most would fail when encountering IE + Google Chrome Frame. These Web attacks would be written to be able to circumvent Chrome’s security measures and would simply not expect Internet Explorer’s security layers.”
Given that Microsoft has the much larger market share, malware distributors have more of a reason to go after IE rather than Chrome. Furthermore, Microsoft mentioned security issues with “Chrome in particular” and after patching some initial holes after Chrome was first launch, the browser has maintained levels of security where other browsers (including IE) have failed.
Is Microsoft really concerned about the security of its users in this case, or is it just trying to dissuade people from using a competitor’s plug-in? If the latter is the case, perhaps they should get in gear and support the latest technologies. Browsers are one market where Microsoft still dominates over Google. They don’t want to lose that share.
