Updated Google is offering a new Internet Explorer plug-in that turns Microsoft's browser into a Google browser. And in predictable fashion, Microsoft is peeved.
"In the past, the Google Wave team has spent countless hours solely on improving the experience of running Google Wave in Internet Explorer. We could continue in this fashion, but using Google Chrome Frame instead lets us invest all that engineering time in more features for all our users, without leaving Internet Explorer users behind."
And by adding a new tag, other developers can run their web applications on Google's new turn-IE-into-Chrome plug-in.
"Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."
Microsoft may have a point that running a browser inside a browser expands the attack surface area. But it's a small one. "It sounds like the Microsoft spokesperson is suggesting that because plug-ins have a history of insecurity (as all software does), then Google Chrome Frame must also have the same problems," says Jeremiah Grossman, a web-application security expert and the CTO of WhiteHat Security.
"If so, that is a very shallow critique. Malware that targets Chrome is essentially unheard of due to an insignificant market share as compared to Internet Explorer, which is routinely targeted."
What's more, Microsoft has a certain interest in keeping Google Wave at bay. And that "friends and family" bit is priceless. And it's a tad ironic that Redmond is complaining about plug-ins as it clings to Silverlight while the rest of the major browser vendors push ahead with HTML5.
"I think Microsoft has a lot of constraints, as the vendor with the browser that has the largest share," Google engineering head Vic Gundtra said at the company's developer conference this spring. "They have to worry about issues that some of us don't have to. They have a huge enterprise usage, and enterprises have specialized requirements. Updating these browsers could break enterprise apps."
But in this case, Microsoft's FUD is chock-full of even more nonsense than the FUD it spewed over the Google plug-in that turned Microsoft Outlook into Gmail.
On another level, all this underscores why Google felt the need to build its own browser - and its own browser-based operating system. Under development for more than two years, Google Wave is a browser app designed to reinvent online communication, crossbreeding email with IM and document sharing. But it can't run on the world's most popular browser. Google is intent on replacing Windows, Office, and Outlook, but first, it must replace IE.
Next week, if you try to log-in to Google Wave with Internet Explorer 6, 7, or 8, you'll get a message that suggests you install Google Chrome Frame - or make the switch to Firefox, Safari, or (the real) Chrome. But there will be a small note at the bottom that says "If you want to continue at your own peril, go ahead."
So, it's a choice between your own peril and the safety of your friends and family. Or you can just ditch IE and switch to a better browser. If you're reading these words, chances are you've already made the switch. But you have to wonder how many will follow. And how quickly. ®
After a request from The Reg, Google has responded to Microsoft's comments on its new plug-in. "Google Chrome Frame is an open source plug-in that is currently in an early developer release and was designed with security in mind from the beginning," says a Google spokesman."While we encourage users to use a more modern and standards compliant browser such as Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who don't, Google Chrome Frame is designed to provide better performance, strong security features, and more choice to both developers and users, across all versions of Internet Explorer.
"Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months. We invite all parties with thoughts about Google Chrome Frame to explore our code and provide feedback about this technology with the open source community."