Microsoft Slams Google Chrome Frame

Google Chrome FrameIt’s kicking-off! Microsoft is recommending that users avoid Google Chrome Frame because it’s a “security risk.” A company spokesperson issued the following statement:

With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers.

Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.

Google quickly retaliated:

Accessing sites using Google Chrome Frame brings Google Chrome’s security features to Internet Explorer users.

It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months.

Is there any substance to Microsoft’s claims?

Quoting security possibly isn’t the best angle they could have taken; Microsoft lives in a big glass house and shouldn’t throw boulders. IE may now be more secure than any other browser but that’s not always been the case. Google has experienced a few security issues with Chrome but they have been dealt with quickly.

Also, how many virus and malware developers are specifically targeting Chrome? I suspect it’s a small number compared to those attacking IE — it has a far larger market share. When you’re fishing (or phishing), it’s logical to go for the big sharks rather than the small minnows.

Even if the Chrome browser was compromised, there’s no guarantee that Chrome Frame would be affected. As I recently reported, the plugin runs within Microsoft’s own sandboxed BHO environment. Are Microsoft saying that Chrome Frame could neutralize IE’s internal security? If so, it’s a good reason to block IE plugins or stop using IE altogether.

Finally, it’s interesting that Microsoft only mention IE8. Chrome Frame probably wouldn’t exist if everyone upgraded to that browser, but many users are stuck with IE6 and IE7. Microsoft could have solved the problem if they had implemented an IE6 compatibility mode to the newer browsers, but that never happened and they’ve left Google to provide a solution.

Of course, Microsoft had to say something and they are unlikely to be complimentary about a Google product. Quoting security concerns is a cheap tactic; adding any plugin undoubtedly imposes a security risk. However, Microsoft should have removed their BHO system if those risks were anything other than negligible.

Come on Microsoft — stop wasting time berating Google and inadvertently giving more free publicity to Chrome Frame. Provide your own innovative solutions to encourage IE upgrades rather than letting competitors do it for you!

Related reading:

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • saibharadwaj.com

    u r bit too late in updating this bit of news.

  • ejrodgers

    How someone from Microsoft could have the sheer arrogance to start slagging off ANYONE over security takes your breath away. Looking back at IE security exploits in the past I personally believe it is only a matter of time before it’s reported that IE8 has major security flaws (probably of the zero day variety). Let’s not forget that in 2006 Internet Explorer was considered unsafe for 284 days (Yes 284 days!) – the equivalent of almost NINE MONTHS! (Source: Washington Post;Search on Google for: internet explorer security exploits days washington post).

    When Microsoft manages to make a version of IE that is safe for longer than a few months, actually complies with current specification AND doesn’t crash then they can start throwing their weight around.

  • ejrodgers

    And if anyone thinks I’m being unfair on Microsoft try searching on Google for IE8 security exploits

  • Chris Pratt

    Finally, it’s interesting that Microsoft only mention IE8. Chrome Frame probably wouldn’t exist if everyone upgraded to that browser, but many users are stuck with IE6 and IE7. Microsoft could have solved the problem if they had implemented an IE6 compatibility mode to the newer browsers, but that never happened and they’ve left Google to provide a solution.

    Chrome Frame was developed mostly for the sake of Google’s new Wave product. Wave requires HTML 5 and associated technologies, which even IE8 does not support. Considering IE8 still doesn’t support some technologies that have been standards for years (XHTML for example), you probably won’t see HTML 5 in an a Microsoft browser until at least IE10 (Microsoft notoriously refuses to implement drafts and recommendations from the W3C and HTML 5 won’t be an official standard until 2012 or later).

    As a result, Google released Chrome Frame so IE users could still enjoy Wave and other cutting-edge web apps as they come: they just have to install a plugin first.

  • Stevie D

    It’s all very well Microsoft exhorting people to upgrade to IE8, but we all know that the vast majority of people still using IE6 can’t upgrade to IE8 – either because they are running an older operating system, or because they run a corporate network that is tied into IE’s bugs.

    If Microsoft hadn’t completely screwed up their browser with IE6 and had made IE7/8 available on older operating systems, there wouldn’t be this problem around – people would happily have upgraded.

    Microsoft have caused this problem entirely through their own incompetence and arrogance. IE6 is still a dangerously unsafe browser, Chrome is not. I find it hard to believe that marrying the two together could be worse than IE6 on its own.

  • nedlud

    This is a pointless debate. Most IE users probably have no idea that alternatives exist in the first place, so are not likely to ever use Chrome Frame.

    I expect there are very few people who are in the position to use this product.

    If they are aware that there are alternatives to IE, they are either:
    A) Using them already. or…
    B) working some place like a large corp which does not permit them to change. In this case they wouldn’t be allowed to use Chrome Frame anyway.

    Let’s face it, this product is just a novelty for us geeks to play with.

  • http://www.sitepoint.com ShayneTilley

    @nedlud I totally agree with what you’ve said.

    Users of IE6

    - Unaware they have browser choice: they’re not going to understand a google chrome plugin thingamebob.
    - Corporates forced to use IE6: they’re not going to be permitted to install plugins
    - Web Designers needing to test in IE6: Are not going to install the plugin for testing

    So who’s left?

  • W2ttsy

    interestingly enough I reckon that google frame, coupled with one of the many IE6 upgrade messages, would make for a more suitable solution. for example on an IE6 page: We have detected that you are using Internet Explore 6, in order to get the best experience, we recommend installing Chrome Frame.

    at least this offers a better solution than “upgrade to IE7/IE8″. Upgrades sound complex and daunting and may put off novice users. People understand installing plugins (silverlight, flash, etc) is a part of using the web.

  • http://pixopoint.com/ ryanhellyer

    Microsoft would be better off sticking their head in the sand rather than trying to slag off Google for improving one of their own products. Perhaps if IE8 was comparable in quality to IE8 then they could argue that users shouldn’t use it with IE8, but it’s not, Chrome is lightyears ahead.

  • http://www.optimalworks.net/ Craig Buckler

    @nedlud and ShayneTilley
    Why wouldn’t corporations permit Chrome Frame? If their systems developers have good reason to use HTML5, CSS3, canvas, SVGs etc. they can convince the IT departments to install the plugin. End users wouldn’t know IE had changed or that Chrome Frame was used for some applications and not others.

    I’m certain Google will target Chrome Frame at the corporations and possibly provide network distribution software.

  • markfiend

    Typical Microsoft FUD

  • http://www.howrank.com mkoenig

    Just a good business move on the part of Microsoft. Not completely false, but not completely true either.

  • RobbieGoD

    well, i don’t. I kind of in a way see Microsofts point. What if Microsoft wrote a program that when a user installs Google Chrome on Windows it replaces the rendering engine of google chrome with IE8 rendering engine. Who is to say that they can’t take that one step further?

    What if Microsoft writes a program that replaces the rendering engine of any web browser installed on windows with the IE8 rendering engine. Effectively, then everyone on Windows is using IE8 in a Firefox shell for example.

    I think Google took a step in a bad direction here.

    I also read (let me know if i am wrong about this too), but i read that in my webpage i can ad d some code that forces IE8,7, and 6 to use the google plugin. The user doesnt have to install anything. Is that correct? I might be wrong on that part.

    So, thats the bad part of it.

    The good part of it is IE6 can now be a web browser work horse.

    One last question:
    What is google thinking? The reason IE6 won’t go away is because users won’t upgrade to the latest version of IE. So, what makes them think they will install this plugin? These users that don’t upgrade aren’t into the whole idea of the latest and greatest is best. I know of some companies that won’t upgrade to IE7 because IE6 is what the company intranet was tested in. Oh well.

    In the end, I don’t think Google should have made a plugin like this. Microsoft should just write something that blocks it / denies it from being installed. I think this probably violates some terms somewhere. Plugins are meant to extend an already existing architecture, not replace the architecture – which I feel like a plugin like this does.

    Sorry Google. I’m still a big fan and I am still hating Microsoft but come on, there must be a better way.

    And I am 100% sure that if Microsoft would have done the same thing but have done it to Firefox, Google, etc. everyone and there brother would probably sue Microsoft. It’s such bullhock. Microsoft is sooo large that they are now hindered. shoot they can’t even force updates! You have to give permission to Microsoft everytime it wants to do something.

  • Anonymously

    You can bet that any software or application that Google or MS offers is going to have DESIGNED into it backdoors for privacy intrusions by the government and/or their operatives.

  • rozner

    The user still has to install the plugin, so by putting the meta tag in your page, you’re not forcing anyone who’s using IE to view the page with the Chrome engine.

    For all those who say that “those who won’t upgrade probably won’t install the plugin”, well I think they all installed the Flash plugin without much trouble so I don’t see how this is any different. I don’t think Microsoft could block this without blocking other plugins in the process (not sure about that though).

    Anyway, I work for a corporation that’s stuck with IE6 so I’m personally a big fan. I’ve already tested it out and it works fine for me. Whether or not we’ll start updating our intranet is another story. I have a feeling new projects will still be made for IE6 for a while.

  • bals28mjk

    Lame excuse for ie. We all the know the real reason.

  • Stevie D

    In the end, I don’t think Google should have made a plugin like this. Microsoft should just write something that blocks it / denies it from being installed.

    That will have precisely zero effect. IE6 doesn’t have an auto-update feature, so users would have to choose to download and install the update that would stop them from using a plug-in that they might or might not choose to download and install…

    Chrome Frame is not being targeted at IE7/8 users to get them to try Chrome, it is only being targeted at IE6 users.

  • http://hoxr.com/ hoxr.com

    to be very honesty, i like both IE7 and IE8..there is no reason for me change to other browser if only for brows..