Microsoft kicks off row with Google over Frame security

News 25 Sep, 2009

Microsoft says a Google plug-in on Internet Explorer is a risk to its ‘friends and families’.

Microsoft has aimed fire at Google by claiming that its Google Chrome Frame plug-in is a security risk.

Google Chrome Frame was released on Tuesday, and is an open source plug-in that allows Internet Explorer users to access Google Chrome’s web kit-based rendering engine.

This has stirred up trouble at Microsoft, which claims that that the plug-in creates an unacceptable security risk, especially with all the work it has done in making Internet Explorer 8 secure.

“With Internet Explorer 8, we made significant advancements and updates to make the browser safe for our customers," Microsoft said in a statement.

“Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Fame running as a plug-in has doubled the attack area for malware and malicious scripts.This is not a risk that we would recommend our friends and families take.”

Even a Microsoft developer got in with a bash. Felix Wang, who works for Microsoft's Developer and Platform Evangelism arm, wrote on a Microsoft Developer blog that testing Chrome Frame started crashing Internet Explorer 8 on his Windows 7 system.

“This computer has IE8, Firefox 3.5, Chrome, Safari, Opera installed, so it might be a little bit complicated for Frame's setup routines to handle," he said.

“However, I've been wanting to do this for a while now: Google engineers, GOTCHA!”

Google came back with a statement saying that Chrome Frame was an early developer release and was designed with security in mind from the beginning.

But it couldn’t resist having a slight dig back at Microsoft, saying that it would encourage users to use a “more modern and standards compliant browser” such as Firefox, Safari, Opera or Google Chrome, rather than a plug-in on Internet Explorer.

“Google Chrome Frame is designed to provide better performance, strong security features, and more choice to both developers and users, across all versions of Internet Explorer," Google claimed.

It added: “Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defences from emerging online threats that are available in days rather than months.”