Google barks back at Microsoft over Chrome Frame security
Defends plug-in, says it makes IE more secure, not less
Computerworld - Google hit back at Microsoft today, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer (IE) safer and more secure.
"Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users," said a Google spokesman today. "It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months."
Although both IE7 and IE8 include a "sandbox" defense dubbed "Protected Mode," the feature works only when the browsers are run in Vista (IE7 and IE8) or Windows 7 (IE8). Google's Chrome Frame, however, prevents malicious code from escaping the browser -- and worming its way into, say, the operating system -- on Windows XP as well.
"Running a browser within a browser doubles the potential attack surface in a way that we don't see is particularly helpful," said Amy Bazdukas, Microsoft's general manager for IE, on Thursday.
Bazdukas blasted plug-in security in general, and Chrome Frame specifically, while taking the latter to task because it busts IE8's private browsing features. "Chrome Frame breaks the privacy model of IE," claimed Bazdukas. "Users are not going to be able to use IE's privacy features, something that's not made apparent to users. They're essentially circumvented."
Google countered that its plug-in is secure.
"Google Chrome Frame ... was designed with security in mind from the beginning," the company spokesman added in an e-mail. "While we encourage users to use a more modern and standards-compliant browser such as Firefox, Safari, Opera or Chrome rather than a plug-in, for those who don't, Chrome Frame is designed to provide better performance, strong security features, and more choice ... across all versions of Internet Explorer."
According to Google, Chrome Frame receives automatic, behind-the-scenes security updates with the same mechanism used by the Chrome browser itself, relieving users of manually patching the plug-in.
The company is also investigating bugs filed with the Chrome team by Microsoft developers, who reported that Chrome Frame broke IE8's privacy mode.
Google pitched the plug-in as a way to instantly improve the performance of the notoriously slow IE, and as a way for Web developers to support standards IE can't handle, including HTML 5.
The Chrome Frame plug-in works with IE6, IE7 and IE8 on Windows XP and Windows Vista. It's available from Google's site as a free download.
- IE6: Retired but not dead yet
- Chrome users won't give up, keep pressing Google to restore old-style new tab page
- Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34
- Firefox's UI face-lift on track for April debut
- Ex-Mozilla engineer blames Microsoft's rules for Metro Firefox's death
- Mozilla patches 20 Firefox flaws, plugs Pwn2Own holes
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts