August 28, 2011

Microsoft says Google Chrome Frame doubles IE attack surface

Summary: Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.

Best Microsoft MCTS Training – Microsoft MCITP Training at

The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today.

Here’s Microsoft’s official reaction:

“With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers. Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take. For a deeper look at how the browsers stack up in security, take a look at the latest phishing and malware data from NSS Labs.”
Bookmark and Share