Does Google Chrome Frame Make IE Less Safe?
There has been some back-and-forth finger pointing in the last few days between Google and Microsoft over Chrome Frame. According to multiple reports, Microsoft has said that the Chrome Frame IE plug-in (which embeds Google Chrome JavaScript and HTML 5 into IE 6, 7 and 8) puts IE users at risk. It's a claim that Google disagrees with.
From my perspective they're both right ... and wrong. Here's why:
Chrome Frame, like any plug-in for any browser, does provide extra functionality and code. As such, from a purely objective point of view, it does present a broader potential attack surface and new attack vectors. Simply put, when there is more code, there is more code to attack that is potentially vulnerable.
As well, the known risk from all plug-ins (highlighted recently with Adobe's Flash) is that users do not update them as often as they should, leaving them at risk.
At this early stage, it's not clear to me how Chrome Frame is updated, though Google Chrome itself has one of the best updating systems around, providing transparent automatic updates to users.
On the other side of the equation, Chrome (to date) has not been as widely attacked as IE. There have not been nearly as many (not even close) publicly known vulnerabilities in Chrome, or Chrome-specific malware or scripting (XSS, CSRF etc.) attacks.
Additionally, with the JavaScript sandboxing that Chrome provides, which is not something IE 6 or 7 users have, they actually get a degree of process isolation which mitigates a lot of script-related risk.
Personally, I think that Chrome Frame provides the most value to older versions of IE, in particular IE 6. Yes, of course those users should upgrade. But the reality is to date they haven't for any number of reasons. In my experience those reasons typically include either ignorance or fear (or a combination of the two). Adding a plug-in is easier and less invasive.
The way I see it, Google is undercutting IE and Microsoft just doesn't like that. Yes, there are potential risks, just as there are with any plug-in. The native risks to IE 6 users in particular likely far outweigh the theoretical risks from Chrome Frame.
Article courtesy of InternetNews.com.
