Google, stop sticking your Chrome Frame in my IE!

Mar 10
08:22

2010

M Frizzi

M Frizzi

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

In September, Google announced they were developing a plugin for Internet Explorer that would provide the ability to render a page with Google Chrome if it contains a tag from the web developer noting their desire for you to use it. Why would developers choose to do this?

mediaimage

Google argues it drags Internet Explorer kicking and screaming into the future by enabling a faster JavaScript rendering engine, HTML 5,Google, stop sticking your Chrome Frame in my IE! Articles and better CSS and layout handling.  As I began to look into the technological underpinnings of this move alarm bells sounded deep within the security center of my brain.Pages that use this tag will bypass add-ons designed to consume content from the IE rendering engine.Viewing pages through Chrome Frame effectively disables add-ons like our Sophos Web Content Scanning add-on that are designed to secure a users browsing experience.  I wasnt the only one concerned, as a lot of press mentioned Microsofts reaction, and even browser rival Mozillas two cents.Immediately we began to receive inquiries from customers as well.  Colin Coulter from animation company Aardman contacted us requesting we add Chrome Frame to our controlled applications list.John Stringer, our product manager who oversees our application list, has notified me that we will in fact be adding this plugin to our controlled applications in next months release.  Colins reaction to Chrome Frame adds another dimension to the discussion of its impact for IT administrators.In Colins email he states: It makes our job as a support department that much more difficult.The thought of a browser running a sub browser via a plug-in! Imagine trying to support that if/when it goes wrong?  The webification of applications, standards that are evolving at a breakneck pace, and users increasing mobility are creating a very difficult environment for administrators.We dont need to provide even more ways of increasing the attack surface and creating nightmare support scenarios.I agree with Mozillas Mike Shaver when he suggests users who want access to a fast browser and cutting edge content should just be encouraged to use a better browser.  Mozilla itself was a victim of this problem when Microsoft installed two insecure plugins into Firefox early this year without notice or approval from users.Browsers hijacking browsers? Really? The simpler our networks are the easier they are to secure.Google, please stop introducing more complexity.We expect better of you.