Google's Chrome Frame: Making IE Less Secure?
Page 1 of 1
From the "My Browser is More Secure Than Yours" files:
It's a claim that Google disagrees with.
From my perspective, they're both right ... and wrong. Here's why:
Chrome Frame, like any plug-in for any browser, does provide extra functionality and code. As such, from a purely objective point of view, it does present a broader potential attack surface and new attack vectors. Simply put, when there is more code, there is more code to attack that is potentially vulnerable.
As well, the known risk from all plug-ins (highlighted recently with Adobe's Flash) is that users do not update them as often as they should, leaving them at risk.
At this early stage, it's not clear to me how Chrome Frame is updated. Though Google Chrome itself has one of the best updating systems around, providing transparent automatic updates to users.
On the other side of the equation, Chrome (to date) has not as been as widely attacked as IE. There have not been nearly as many (not even close) publicly known vulnerabilities in Chrome or Chrome specific malware or scripting (XSS, CSRF etc.) attacks.
Next page: The value of Chrome Frame