Microsoft complains about security with Chrome Frame.

I wrote in the past couple of days about Chrome Frame and always wondered what would Microsoft have to say about Google's Chrome working inside their Internet Explorer browser?

IE_CF1I wrote in the past couple of days about Chrome Frame and always wondered what would Microsoft have to say about Google’s Chrome working inside their Internet Explorer browser?

What Chrome Frame does instead of asking people to view websites with another browser, is that it prompts for Chrome Frame as an add-on and the Chrome browser works inside the Internet Explorer seamlessly.

Microsoft’s response has been pretty much on expected lines, except that they could have simply ignored this development and carried on with improvements with their browser.

Microsoft’s Arguments against Chrome Frame

  1. Internet Explorer 8 is much safer than most browsers in the market and if Chrome Frame runs inside Internet Explorer 8, some vital security features of the IE8 browser may be compromised.
  2. With Chrome Frame running inside Internet Explorer, hackers using script for Chrome browser can hack into Internet Explorer. This clearly implies that Internet Explorer 8 is safer than Chrome. 😉

What I find interesting is Microsoft keeps commenting on how Internet Explorer 8 performs against other browsers but a big number of IE users are using IE7 or even IE6.

Chrome Frame is definitely a great help for IE6 or IE7 users. Also Microsoft is still not actively telling people to move to IE8 by forcing a upgrade on a large scale.

I think its a typical reaction by a dominant market leader who gets nervous about the competition. Bring up the security issue and say your product is safer instead of making it better. Microsoft needs to wake up and dramatically improve Internet Explorer otherwise it will see its market dominance spiraling downwards slowly but surely.

Link: Ars Technica

6 Comments

Rahul September 27, 2009

I just installed chrome frame.

venkat September 27, 2009

Microsoft has every reason to worry about chrome frame , Microsoft really worrying the plug-ins can serious security concerns to IE.

Aditya Kane September 27, 2009

@venkat: Technically Microsoft is right. But what they are saying is that programs or scripts which can break through from Chrome will also affect IE if Chrome Frame is installed. But just a couple of thoughts.
1. IE has the largest market. Its about 20 times bigger than Chrome. A hacker will probably spend time making viruses to hack into IE rather than Chrome.
2. For Users who are using both Chrome and IE for browsing, this add-on being there on IE is a non-issue.

Aditya Kane September 27, 2009

@Rahul: I personally use chrome frame with IE and do not feel it would be a security risk. But if you want it uninstalled. Then on IE goto Tools >> Manage Addons >> Select Chrome Frame BHO and then disable it. 🙂 Hope it helps.

Abhishek Kumar September 27, 2009

> 1. IE has the largest market. Its about 20 times bigger than Chrome. A hacker will probably spend time making viruses to hack into IE rather than Chrome.
Its true that hackers exploit products with huge market share, which explains the huge number of virus and other malware infecting windows, but that is not the ONLY factor. Vulnerability of an application is equally lucrative for a hacker. Send out an app in the market, which has security loopholes, a hacker will screw the app over in N number of ways even if it has a low market share.

> 2. For Users who are using both Chrome and IE for browsing, this add-on being there on IE is a non-issue.
Wrong again, having chrome means the browsing done through chrome is unsafe, it still does not affect the browsing done through IE8 (safe or unsafe, that is a different discussion) , but having chrome frame INSIDE IE8 will make the IE8 browser as unsafe as chrome itself.

Aditya Kane September 28, 2009

@Abhishek: 1. Fact is Microsoft has obliquely mentions security concerns without really mentioning any specifics. Though I did mention they are technically right.
2. You just made my point. If you are using Chrome and IE both on your computer. Having Chrome Frame running inside IE makes it as vulnerable as Chrome, but if you are already using Chrome as a browser it should not make any difference.