On CHOW: How to avoid dirty looks at cafes
BNET Business Network:
BNET
TechRepublic
ZDNet

September 24th, 2009

Microsoft says Google Chrome Frame doubles IE attack surface

Posted by Ryan Naraine @ 7:00 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Malware, Microsoft, Pen testing, Phishing

Tags: Google Inc., Microsoft Internet Explorer, Microsoft Corp., Google Chrome, Attack, Web Browsers, Cyberthreats, Spyware, Adware & Malware, Security, Viruses And Worms

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.

The Google Chrome Frame, which is presented as a  seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today.

Here’s Microsoft’s official reaction:

“With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers. Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take. For a deeper look at how the browsers stack up in security, take a look at the latest phishing and malware data from NSS Labs.”

This video from Google explains the decision to release the Chrome Frame:

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 51 Talkback(s)
Webkit
Correct, it runs on WebKit, the same as Safari, WebKit, and Adobe AIR, as
well as the browser built into the iPhone and iPod Touch. It's comes from
KDE, so in theory it shares a common base wi... (Read the rest)
Posted by: geotopia@... Posted on: 10/19/09 You are currently: a Guest | | Terms of Use
Actually, it means that some of the browsing will be much safer by using  DonnieBoy | 09/24/09
faster but less secure  kaninelupus | 09/25/09
Actually...  philip.lane@... | 09/25/09
I use Chrome Too - but...  wellduh | 09/29/09
Huh?  AzuMao | 09/30/09
You have remember that it's still IE  T1Oracle | 09/26/09
Phishing is FUD, you stop.  AzuMao | 09/28/09
Chrome is changing  wellduh | 09/29/09
That's weird.  AzuMao | 09/30/09
Webkit  geotopia@... | 10/19/09
Microsoft has no friends  geotopia@... | 10/19/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  battyr | 09/24/09
typical unfounded alegations  Linux Geek | 09/24/09
perhaps if you read this you would rethink your statement  nessrapp | 09/24/09
Don't be silly ...  de-void | 09/24/09
If you read this  sirpaul1 | 09/24/09
I'm not interested in reports paid for my M$  blueskip | 09/25/09
Just another MS basher  chiefpace | 09/26/09
Dont know how to search? happy  insanish1 | 09/26/09
Google is doing this to make better web apps  K B | 09/26/09
But there IS Chrome for Mac...  thebeans | 09/26/09
Perhaps you should read the page you're linking to, genius.  AzuMao | 09/28/09
... what?  Ceridan | 09/24/09
Allegations Spelled With 2 L's  mlbslugger | 09/24/09
Typical ridiculous statements  bored_with_the_same_old_moaning | 09/25/09
Are you suggesting ...  de-void | 09/24/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  blueskip | 09/25/09
Purpose  p.vinnie@... | 09/24/09
Actually, it might be a good way to support sites that do not work without  DonnieBoy | 09/24/09
Coming around Donnie  LiquidLearner | 09/24/09
admin - that's a conversation I had today !  dgrainge | 09/25/09
You said a mouthful brother...  blueskip | 09/25/09
Sigh!  de-void | 09/24/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  cosuna | 09/24/09
He's right... but flash.. is also bad.  Ceridan | 09/24/09
You do know...  LiquidLearner | 09/24/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  SystemVoid | 09/24/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  IE8 | 09/25/09
Protecting...Oh that's what they call it!  blueskip | 09/25/09
Google says IE doubles Chrome Frame attack surface  jasonp@... | 09/25/09
RE:Google says IE doubles Chrome Frame attack surface  blueskip | 09/25/09
Sleep At Nights Under Redmond's Watch  preacherx | 09/25/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  rrr@... | 09/25/09
Literally true, but also marketing...  MichaelArgast | 09/25/09
So... how do we turn off the IE rendering bits and half the attack surface  ComputerGeneralist | 09/25/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  Matt Gabriel | 09/26/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  leonbakhan | 09/27/09
How did "attach area" becom "attack surface"?  Fred Fredrickson | 09/27/09
RE: Microsoft says Google Chrome Frame doubles IE attack surface  Mr Piston | 09/28/09
MS cannot write secure software  wellduh | 09/29/09
Microsoft would do better to just ask Google how they did this  Lerianis10 | 10/16/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here