Google Chrome Frame.

Google Chrome Frame.(plug-in for IE 6,7,8)

It makes your IE speed 10 times faster than normal IE(6,7,8).
Try it.
It really boosts your IE speed! :-TU

For Normal users.

http://code.google.com/chrome/chromeframe/

For Developers.

http://code.google.com/chrome/chromeframe/developers_guide.html

Notice: MS said you might have following problems.
1.security risks.
2.you can’t use ‘Private browsing’ with IE 8.
3.you may not delete all of browsing history files.
4.we don’t know all of problems with Google Chrome Frame yet.

From what I read about it, it only increases IE’s speed if there is an instruction embedded in a web page that activates it. I wouldn’t think many pages would have that, at least not yet. I am heeding MS’s warnings and passing on this.

No…
Why don’t you try it instead of the reading?
You are misunderstanding how this works.
Please read this from start to end.
http://code.google.com/chrome/chromeframe/developers_guide.html

Please try it.
It works very good. :-TU

When you use it, you should type ‘cf’ first.
cf:http://youraddress
And then IE uses Google Chrome engine to render the web pages.

If you are a developer, you can put some codes in your web pages.
It makes you don’t need to type ‘cf’ first.

Visit here and test ok?

http://www.acidtests.org/

I have to manually type or alter all my urls? That’s even worse. I’m still passing and I couldn’t care less about Acid or Canvas tests.

Check out this link----http://blogs.zdnet.com/security/?p=4447&tag=nl.e539

Dch48 I’ve already seen the article that you linked…
Don’t you even read my post?
Did you see my Notice? ;D

Just install and try it with many web sites.
It’s so fast.
If you don’t want to use it, do not use then.
But you can’t evaluate something without using it.
All of articles don’t give you everything.

One picture is worth a thousand words.

Looks like MS noticed that IE plugins would increase vulnerability risks though they seemingly forgot this apply to all plugins and not only Google frame they did go length to scare users about…

Since IE allow the installation of a nearly limitless number of vulnerable plug-ins maybe it worth considering installing the full Google chorme and get increased speed and standards support.

Google frame was likely provided for those webmasters who are constrained by IE limitations and don’t wish to trim down their site features because IE is bundled with the OS and users might not be aware of what it lacks.

Yes.
I think so.
It might has vulnerability risks just same as the other plug-ins.

Google wants to show something to MS.
It’s a kind of provocation.
It think there is Google Chrome OS behind of this provocation. ;D

Wait a minute…

So this plug-in is so new, untested, and potentially so unstable that it doesn’t even qualify as a “Beta” release? uhh… No thanks. I’ve had enough problems in the past from actual, full release plug-ins. If Google keeps working on it and tests and optimizes it up to a level that it at least qualifies for a “v1 full release” tag or something similar then I’ll take another look at it. But until then, no way. I also second the notion that having to manually alter all my url’s is too much unnecessary work and effort. I’d go so far as to say that the time you spend going and sticking “cf:” or whatever it was in front of all your urls probably nullifies any speed advantage you’re getting by loading the page faster.

If a single plugin double the risks then IE users should also be aware that it is also unlikely they have a bare-bone IE without plug ins.

Though each time an use install a plugin the risk is apparently increased n-fold, IE still support activex on-demand installation from webpages, in addition to those bundled with windows and ready to be exploited in IE…

The point MS was making is that if you include one browser’s capabilities inside of another one, you are potentially exposing yourself to the weaknesses, vulnerabilities, and avenues of attack of both browsers. Chrome has also shown itself to be the weakest of all the browsers in protecting against malware and phishing atacks. If the Chrome plugin bypasses the Smart Screen filters of IE8, this is not a good thing.

Yes, there are ways for malware writers to attack IE. There are also many ways to attack Chrome. Why expose yourself to both?

The point Microsoft made apply to the whole lot of plugins Internet explorer supports and that are exploited using that browser regardless if those vulnerabilities are counted separately and not as IE vulnerabilities.

And there are a whole lot of exploitable activex that only Internet explorer supports (since it is not a web standard but a way to get IE to execute windows specific 3rd party applications and eventually have the display something in webpages).

Some of those plugins are already bundled in the user machine some other can be simply installed from webpages or installed as default options of standalone applications (eg: Acrobat, Office).

Internet explorer without any plugins is something probably available only on vulnerability advisories

Though MS was apparently explicit only for Chrome frames plugin, it doesn’t matter how a plugin is called. It would be the same as MS making a point about Java, Flash, Acrobat, Office, Windows Media Player and countless others.

As the only test that apparently “praised” IE8 URL blacklisting filters was paid by MS itself and its methodology questioned though that was another topic…

Why exposing to the countless of activex vulnerabilities IE supports (in addition to IE own vulnerabilities)?

Being concerned about Google frame and neglect the rest would make no sense…

…as obviously a fully patched IE could be exploited by means of a vulnerable activex plug-in (including the ones made by Microsoft itself).

MS was acknowledging that IE has been attacked in the past, not ignoring it. They were simply stating that Chrome has many avenues of attack as well and to expose yourself to both sets would be foolish. As far as the tests MS supported go, I believe the results were entirely accurate and not skewed at all for or against anybody. Active X is not a bad thing, it enables many applications. It is no worse inherently than Java, Flash, or anything else that enriches the browsing experience. They have all been exploited and quickly patched.
What parts of each browser can be and have been attacked are irrelevant to this conversation. It’s only relevant that all of the browsers have been vulnerable and unfortunately will continue to be in the future as long as there are lowlife malware authors around.

Another question begs to be answered. We all know Chrome will be exploited again and again and will have to be patched. Will those same patches be done to this plugin?

IE’s Smart Screen filter is very nice, it has already blocked two rogue apps for me before CIS even got a shot at them. It is far better than Chrome’s safe browsing that incidentally works better in Firefox and even Safari than it does in Chrome itself. I don’t want Chrome’s engine bypassing the Smart Screen so again, I will pass on this plugin. It very well may be faster but I don’t think it will be as secure. If I wanted Chrome, I’d just get the whole thing which I’m sure is the reason behind releasing the plugin in the first place. Google wants IE users to try it, say “Hey, this is faster, maybe I should just switch to Chrome completely”, and do just that. Maybe there is basis for a lawsuit here concerning unfair business practices. I trust MS far more than Google.

There is only one question that begs to be answered: why MS was so particular about Chrome when IE allow a whole set af vulnerable plugins?

With all the activex plugins vulnerabilities supported by explorer that one test (paid by MS) you believe and whose flaws were exposed provide no guarantee to prevent all malicious sites nor it matters if IE is patched if its plugins are not.

BTW Vulnerability Report: Google Chrome 3.x got 0 vulnerabilities which is different form the unpatched vulnerabilities of IE8 50% (2 of 4 Secunia advisories)

Why IE allow plugins to that extent and moreover why support such a technology only to make a PR announcement if google release a plugin?

To have IE fulfill the reputation it got on paper better disable its activex support and use it for what is left…

Maybe having IE support standards without plugins would help, though it is not the case…

as this will allow MS to deploy its proprietary (non-standard) features using those on-demand installations (as an alternative of bundling them) and continue to provide outdated compliance delaying plugin-less updated open web standard support…

It make me wonder how many IE users are aware of how many plugins (already exploited in the past) are now silently running in their IE and believed the issue was adding one more…

If IE was actually up-par there was no need for a plugin and the limitation affect those who have to provide contents and countless unaware users who will not even be aware of what they will miss…

The sheer userbase IE attained and now affects the quality of content available on the internet was not attained due to technological superiority despite MS woke up with an aggressive marketing campaign with IE8…

Indeed the full google chrome is one click away and it is unlikely that those who installed it and tested the differences with IE will stand to use IE all the time…

…whenever chrome is not bundled with windows it can obliviously installed as an addition until these user will be able to bear with IE was their primary browsers once they will be aware of the differences…

Why install a plug-in at all if standard compliant browser provide better support in a faster and secure way than IE?

Should anybody browse the web with years old technology support (IE7 full compliance dates back even to 1997 technology) and wait until MS eventually catch the gap and tell them that is OK to get updated open standard compliance?

http://service.futuremark.com/peacekeeper/index.action
http://benfirshman.com/projects/jsnes/

Being currently a drag it wouldn’t MS place to say that at all… since this affect content providers and the quality of the content users will get to see…

Thanks Microsoft…

Every bit of that is irrelevant to this topic. The other plugins that IE has or “standards” it doesn’t meet are also irrelevant. They make a point of Chrome for the reasons I have already stated. It is a foreign element with a whole NEW set of vulnerabilities and potential avenues of attack. No more than that needs to be said. As MS said, it doubles the possibility of attack. I think that might be a conservative statement. IE8 is the best at blocking malware and phishing attempts, Chrome is the worst.

This is not a topic about the browser wars, it is about a plugin, period, and whether it’s good or not so good.

( But just for information—I have never used anything but IE since version 4 except for brief trials of Netscape, Firefox, Chrome, and Opera, and I have never been infected or hacked and never seen a reason to use any other browser)

Guess you might be misleading yourself or for some reason you wish to restrict the span of of this topic to the targeted PR backlash Microsoft made.

Though you might not have been aware, the standards support limitations, obviously pertaining also IE6 and IE7, were one of the reasons that plugin was released and thus unmistakably relevant to this topic.

Additionally the point MS made actually pertains all plugins (and all IE versions), and I don’t think anybody would even dare to restrict that aspect to one in particular because MS said so

I guess it would be worth pointing out that the test you mentioned is n-fold irrelevant for a topic spanning on plugin vulnerabilities:

IE8 was marketed as the best but IE7 failed even that MS paid dubious test whereas IE6 and IE7 are used as much as IE8 and don’t even feature that hyped feature (BTW IE7 was the worst of all, neglecting the missing IE6, even in that MS paid test).

Additionally oversimplified headlines overstated the span of that paid test which blatantly neglected exploits whereas there are already articles that question the methodology and hence the reliability of those hyped results even disregarding its severely restricted focus it was commissioned for …

IE supports a whole lot of vulnerable activex plugins, only MS might have believed it was possible to restrict the focus of such point to a specific one in particular.

So as long they made that point users should be aware of the real extent of it and start looking at the plugins they already have and the ones that Internet explorer will allow as long they will continue to use it (nor even MS paid a test to check at least IE8 smart-filter against vulnerabilities)…

Obviously it worths nothing if IE is patched when it allow exploits through vulnerable plugins (including Microsoft plugins not counted in IE vulnerability lists)…

Kudos to MS for that timid reminder though they forgot to patch currently open IE own vulnerabilities whereas chome has none

Obviously those IE own vulnerabilities would be complemented n-fold by existing activex vulnerabilities IE is able to support

despite on paper they might get to read only about IE own ones.

Browsers vulnerabilities aside, for what it matters anybody could continue to browse the web with a 1997 technology (with an hopefully patched browser whenever it support a limitless number of vulnerable plugins) and be fine with it…

Who knows. disregarding technology improvements, updated compliance and the rest maybe they won’t get exploited…

… or at least won’t even be aware when they will…

Though the full standalone google chrome is one click away and it is unlikely that those who installed it and tested the differences with IE will stand to use IE all the time…

Indeed a 1997 technology can still provide some sort of functionality and usability…

Better than nothing and sure nobody will miss something whose factual implementation they have not even been aware of…

http://service.futuremark.com/peacekeeper/index.action
http://benfirshman.com/projects/jsnes/
http://www.acidtests.org/

Obviously there is no hurry as the rest of content providers are waiting for them before releasing updated feature-rich versions they won’t get to see using IE…

Okay, boil this down to the simplest terms. IE8 can and will be exploited. Chrome can and will be exploited. Using only one of the two has to be safer than using a plugin that combines them.

What standards each one does or does not support is meaningless. What the inherent vulnerabilities of each one are is also meaningless. What does matter is that malware authors can find ways to exploit both of them. Why should a user of IE expose himself to twice as many avenues of attack just for a little more speed and the use of “standards” which almost nobody implements?

My other question still stands as well. If Google continues development of this, will it be updated and patched on the same basis as the full browser?

Also, I am not a fan of anything Google offers except their search engine. I tried Chrome, found it’s look and interface primitive and then found uninstalling it completely to be a real pain. I tried gmail on the recommendation of friends. I was getting absolutely no spam previously but after making a gmail account I was inundated with advertising emails which were sent to the alternative email I had provided while creating the gmail account even though I had opted out of everything pertaining to being contacted by anybody. I would suggest that anyone using Gmail check out an alternative called GMX (gmx.com) It is feature rich, free, and has no ads on the web page and inserts no ads into mail. It also never has outages. It simply works with no hassles.

The simplest terms are that not only IE that can be exploited but also the unaccounted but numerous plugins it supports.

There is no doubt that IE alone was and will continue to be exploited whereas its activex support was abused countless times in addition to IE own vulnerabilities…

Attack exposure increase? IE already got it, it is not limited to a single plugin, it’s n-fold whenever IE activex support was semingly marketed as a feature until MS made that point…

Each and any plugin IE supports multiply its attack surface.

Obviously there are even MS activex included in bare-bone windows installations providing an n-fold increase right off the bat despite apparently MS didn’t bother to enumerate, multiply and write about that 88)

There is a whole lot of IE-aware plugins users might not even be aware of ready to be leveraged upon in IE.

Some examples of vulnerable activex exploited through IE (there are countless):

[ol]- Hackers Exploiting Facebook, MySpace Plug-ins (deployed form legitimate websites)

IE vulnerability count didn’t increase. Technically IE was still “secure”…

…obviously they didn’t have to patch IE but the vulnerable plug-ins abused thanks to IE activex support…

BTW Microsoft left unpatched the last one for a year and fixed only after it was reported that it was been exploited in the wild though Internet Explorer.

Again though MS was apparently explicit only for Chrome frames plugin, it would be the same as MS making a point about Java, Flash, Acrobat, Office, Windows Media Player and countless other IE plugins

All those apps installed plug-ins exploitable using a “fully patched” secure IE.

If one plugin is going to double the attach surface there are countless unaware users relying on a IE with a multiple increase of attack surface from multiple plugin Microsoft neglected to point out and that are already installed…

Office + windows media player alone provide at least an additional three fold increase… adding another plugin will provide a four fold increase…

Being concerned about one single plugin and neglect the countless increase provided by the rest would make no sense…
…as obviously a fully patched IE could be exploited by means of a vulnerable activex plug-in (including the ones made by Microsoft itself).

Users should be aware of the real extent of that point MS made and start looking at the plugins they already have and the ones that Internet explorer will allow as long they will continue to use it…

…as many sites deploy IE-only activex plugins, applications and even windows itself comes with plugins that can be ab/used with IE.

Why exposing to the countless of activex vulnerabilities IE supports (in addition to IE own vulnerabilities)?

Besides should anybody browse the web with years old technology support (IE7 full compliance dates back even to 1997 technology) and wait until MS eventually catch the gap and tell them that is OK to get updated open standard compliance?

Indeed a 1997 technology can still provide some sort of functionality and usability… many could be fine with their outdated IE and won’t miss something whose factual implementation they might have not even been aware of…

http://service.futuremark.com/peacekeeper/index.action
http://benfirshman.com/projects/jsnes/
http://www.acidtests.org/

Obviously there is no hurry as the rest of content providers are waiting for them before releasing updated feature-rich versions they won’t get to see using IE…

Though it looks like IE6 and IE7 are still used as much as IE8, there is no need to install a plugin to get updated standard support (unlike IE) as the full google chome is one click away

As for browser’s own vulnerabilities (neglecting the vulnerable activex IE8 supports) it looks like chrome has none whereas Microsoft “point” was made when IE8 hyped browser has still unpatched vulnerabilities (including a 7 months old one)…

Will google behave like Microsoft?
Time will tell…

You are just repeating yourself over and over with ranting attacks on IE and MS. NO, the simple version is this.

IE8 + Chrome frame = 2 browsers in one. Both have their share of attack vectors but you only focus on how IE has been attacked and provide no info on the many attacks that have occurred on Chrome. If IE has “unpatched vulnerablilities” it is because no actual exploit of them exists. Patching other things takes priority over theoretical maybes but again, this has no bearing on the discussion at hand.

Since you would have two browser engines in one browser, it only makes sense that the avenues of attack for both would be present. Maybe not simultaneously, but as soon as Chrome’s engine kicked in, it’s attack exposure would be activated. Chrome frame is more than an ordinary plugin. It is the interjection of someone else’s problems on top of your own. I see it as an insidious attempt by Google to try and steal away IE users. It’s despicable and there should be a way for MS to take legal action. The other plugins such as Flash, java, etc. have all been approved by MS. This one definitely has not.

The fact that IE attack surface is increased by available plugins was hinted by none other MS itself in that google targeting PR backlash.

Though interesting to notice how much of the information so far provided you were able to retain and the span of self-serving oversimplifications you rely to cope with them, again you misunderstand the span of the IE activex threat type implicit in MS “point”.

Maybe you don’t need to since you took the effort to claim you "have never been infected ", regardless of what browsers you used, in your IE testimonial. 88)

You even wondered how google would schedule patches…

But according to the criteria hinted in the above quote of yours, it is legitimate to leave something unpatched for more than 7 months and start patching only after some users are exploited or maybe you got confused and assumed MS would not leave unpatched something for which an exploit is available before being eventually confirmed in the wild…

Though the activex based IE “avenues of attack” I listed as example were not “theoretical” like the ones foresaw in your awe-inspiring post on chrome “try and steal”…

Many users having several of those IE “avenues” already installed don’t ever know that nor realize IE is an “avenue” supporting browser…

If it was simple as you insofar repeated it, the “theoretical” comments, you and MS made, would be pointless by vrtue of some your own criteria…

Take your time to understand the issue, even if ATM you might be willing to restrict the focus at you convenience, there is no hurry…

Though if you got some insider info about plugins MS “approved” for that supposedly unrestricted activex-based extensibility “feature” then that would be something interesting to tell the DOJ at least…

There is nothing theoretical about Chrome being attacked. It already has been on many occasions. It also makes no difference whether the user of any browser is aware of how it can be attacked. You keep saying that MS only said the Chrome plugin could open IE to attack and ignored the problems already present but they did no such thing. If they had said that the Chrome Frame plugin would expose IE8 to attack you might have a point, but that is not what they said. They said that it would double the possibilities of attack, thereby admitting to any and all of the possiblities already present in IE.

This renders all your presentations about active x and unpatched vulnerabilities meaningless.

I still do not trust Google’s motivations here.