Google responds to criticism by Microsoft about Google's Chrome Frame plug-in. Chrome Frame is designed to bring some of the technology of the Google Chrome browser to Microsoft Internet Explorer, and has been reported to speed up the browser. But Microsoft contends that the plug-in increases IE's attack surface.
hit back Sept. 24 in response to Microsoft's claims that Google's
Chrome Frame makes Internet Explorer less secure.
Google Chrome Frame is an early-stage open-source plug-in that brings Google
engine, to Microsoft's Internet Explorer browser. Google introduced Chrome
on Sept. 22, stating that it can be used with IE versions 6, 7 and 8.
In response, Microsoft
accused Google of expanding the attack surface for
IE. Google meanwhile got in a dig of its own as it touted the security of its
read more about Web browser security, click here.
"With Internet Explorer 8, we made significant advancements and updates
to make the browser safer for our customers," a Microsoft spokesperson
said Sept. 24. "Given the security issues with plug-ins in general and Google
Chrome in particular, Google Chrome Frame running as a plug-in has doubled the
attack area for malware and malicious scripts. This is not a risk we would
recommend our friends and families take."
of the issue is that the plug-in seems to undo IE 8's
According to Google, however, the plug-in was
designed with security in mind from the beginning.
we encourage users to use a more modern and standards-compliant browser such as
Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who
don't, Google Chrome Frame is designed to provide better performance, strong
security features and more choice to both developers and users, across all
versions of Internet Explorer," a Google spokesperson said.
The spokesperson added that accessing sites with Chrome Frame brings the
Chrome browser's sandboxing and malware protection features to IE users.
Microsoft, however, pointed to the results of a recent browser
by NSS Labs as proof of IE's
security posture. The
test was paid for by Microsoft
as part of an internal company analysis of
IE security. NSS Labs later posted the
results for the public.
As the controversy continues, Google is encouraging public involvement in
the development of Chrome Frame.
"We invite all parties with thoughts about Google Chrome Frame to
explore our code and provide feedback about this technology [to] the open-source
community," the spokesperson said.