Google barks back at Microsoft over Chrome Frame security
Defends plug-in, says it makes IE more secure, not less
Computerworld - Google hit back at Microsoft today, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer (IE) safer and more secure.
"Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users," said a Google spokesman today. "It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months."
Although both IE7 and IE8 include a "sandbox" defense dubbed "Protected Mode," the feature works only when the browsers are run in Vista (IE7 and IE8) or Windows 7 (IE8). Google's Chrome Frame, however, prevents malicious code from escaping the browser -- and worming its way into, say, the operating system -- on Windows XP as well.
"Running a browser within a browser doubles the potential attack surface in a way that we don't see is particularly helpful," said Amy Bazdukas, Microsoft's general manager for IE, on Thursday.
Bazdukas blasted plug-in security in general, and Chrome Frame specifically, while taking the latter to task because it busts IE8's private browsing features. "Chrome Frame breaks the privacy model of IE," claimed Bazdukas. "Users are not going to be able to use IE's privacy features, something that's not made apparent to users. They're essentially circumvented."
Google countered that its plug-in is secure.
"Google Chrome Frame ... was designed with security in mind from the beginning," the company spokesman added in an e-mail. "While we encourage users to use a more modern and standards-compliant browser such as Firefox, Safari, Opera or Chrome rather than a plug-in, for those who don't, Chrome Frame is designed to provide better performance, strong security features, and more choice ... across all versions of Internet Explorer."
According to Google, Chrome Frame receives automatic, behind-the-scenes security updates with the same mechanism used by the Chrome browser itself, relieving users of manually patching the plug-in.
The company is also investigating bugs filed with the Chrome team by Microsoft developers, who reported that Chrome Frame broke IE8's privacy mode.
Google pitched the plug-in as a way to instantly improve the performance of the notoriously slow IE, and as a way for Web developers to support standards IE can't handle, including HTML 5.
The Chrome Frame plug-in works with IE6, IE7 and IE8 on Windows XP and Windows Vista. It's available from Google's site as a free download.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts