Microsoft bashes Google's Chrome-in-IE plan (original) (raw)

The software maker says that Google's Chrome Frame plan raises security issues and is "not a risk we would recommend our friends and families take."

During her years at CNET News, Ina Fried changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley.

Microsoft on Thursday lashed out against Google Chrome Frame--an Internet Explorer plug-in that supplants IE's rendering engine with Google's.

The software maker, in a statement, said users are better off moving to a later version of Internet Explorer if they want the latest technology as opposed to using Chrome Frame.

Google plans to use Chrome Frame to, among other things, allow people to run Google Wave from within Internet Explorer. Google

"With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers," Microsoft said. "Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."

However, some took Microsoft to task for criticizing plug-ins, noting that Redmond itself has more than a few.

"Microsoft scared of security of plug-ins. Uninstall Silverlight now," Mozilla's Dion Almaer wrote in a Twitter posting.

Google announced Chrome Frame on Tuesday, saying it can be used with Internet Explorer 6, IE7, or IE8 to use Chrome to render Web pages and execute their JavaScript programs. To work, users have to install the plug-in and Web developers must insert a line of code onto their Web sites that engages Chrome Frame when a person visits the site.

Update, 12:35 p.m. PT: I had a chance to chat with Amy Barzdukas, general manager for IE.

In addition to reiterating the security risks associated with running what she called "a browser within a browser," Barzdukas said that using Chrome Frame also interferes with the private-browsing and clear-browser-history features within Internet Explorer 8.

"That is not made clear," Barzdukas said. "That is a trade-off that customers would really want to make with eyes wide open."

Barzdukas also rejected the notion that it offers a good option for those still using Internet Explorer 6.

"If you are a user of IE6, you should get off IE6, not install another add-on," she said. "It just compounds your problem."

Update 3:20 p.m. PT: Google offered up a statement on its own, explaining its thinking behind Chrome Frame.

"Google Chrome Frame is an open source plug-in that is currently in an early developer release and was designed with security in mind from the beginning," Google said. "While we encourage users to use a more modern and standards compliant browser such as Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who don't, Google Chrome Frame is designed to provide better performance, strong security features, and more choice to both developers and users, across all versions of Internet Explorer."

Although it does increase the surface area, Google notes it brings some security features of its own, particularly for those running IE6. "Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months," Google said.