Google barks back at Microsoft over Chrome Frame security
Defends plug-in, says it makes IE more secure, not less
Computerworld - Google hit back at Microsoft today, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer (IE) safer and more secure.
"Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users," said a Google spokesman today. "It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months."
Although both IE7 and IE8 include a "sandbox" defense dubbed "Protected Mode," the feature works only when the browsers are run in Vista (IE7 and IE8) or Windows 7 (IE8). Google's Chrome Frame, however, prevents malicious code from escaping the browser -- and worming its way into, say, the operating system -- on Windows XP as well.
"Running a browser within a browser doubles the potential attack surface in a way that we don't see is particularly helpful," said Amy Bazdukas, Microsoft's general manager for IE, on Thursday.
Bazdukas blasted plug-in security in general, and Chrome Frame specifically, while taking the latter to task because it busts IE8's private browsing features. "Chrome Frame breaks the privacy model of IE," claimed Bazdukas. "Users are not going to be able to use IE's privacy features, something that's not made apparent to users. They're essentially circumvented."
Google countered that its plug-in is secure.
"Google Chrome Frame ... was designed with security in mind from the beginning," the company spokesman added in an e-mail. "While we encourage users to use a more modern and standards-compliant browser such as Firefox, Safari, Opera or Chrome rather than a plug-in, for those who don't, Chrome Frame is designed to provide better performance, strong security features, and more choice ... across all versions of Internet Explorer."
According to Google, Chrome Frame receives automatic, behind-the-scenes security updates with the same mechanism used by the Chrome browser itself, relieving users of manually patching the plug-in.
The company is also investigating bugs filed with the Chrome team by Microsoft developers, who reported that Chrome Frame broke IE8's privacy mode.
Google pitched the plug-in as a way to instantly improve the performance of the notoriously slow IE, and as a way for Web developers to support standards IE can't handle, including HTML 5.
The Chrome Frame plug-in works with IE6, IE7 and IE8 on Windows XP and Windows Vista. It's available from Google's site as a free download.
- Workarounds to purge search bar from Firefox's new tab page are available
- Mozilla ships Firefox 31, adds search to new tab page
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
Read more about Security in Computerworld's Security Topic Center.
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!