Google Chrome Frame plug-in for IE

Post here if your message doesn't fit into another forum but is still about web development. Includes site critiques, web hosting and server questions, helpful software and resources, and more.
Post Reply
User avatar
MikeGale
Rank VI - Professional
Rank VI - Professional
Posts: 711
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Google Chrome Frame plug-in for IE

Post by MikeGale » Wed Sep 23, 2009 4:50 pm

I don't have useful insights into the environments that still use IE6, but I can imagine some friction.

I am personally opposed to web sites that say things like "you have a really horrible browser, download this one...". (Also I still sometimes see sites that say optimised for Netscape 4.x or whatever, another way to get a great laugh!!) I consider a message from your page to download Chromeframe in that same light. Imagine if somebody on a slow connection goes for it and then loses a lot of time while it all happens (and maybe fails). Having them hate you might be the least of your problems. If they come after you with a baseball bat can you be entirely surprised?

If I were ever to use this I'd probably detect browser at the server and deliver different content. (Which is a whole other can of worms.)

A good thing is that it is fully opt in. If you do nothing you are not involved.

If I found that a site was getting an important number of IE6 visitors with the chromeframe already there it might be worth considering.

User avatar
MikeGale
Rank VI - Professional
Rank VI - Professional
Posts: 711
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: HTML 5 / HTML5

Post by MikeGale » Fri Sep 25, 2009 12:26 am

I see that Microsoft has commented on googleframe. I'm surprised.

See http://j.mp/2Rguz8 for some details.

It refers to a security analysis run across the major browsers. Interesting stuff. See http://j.mp/2fhEFg for the phishing attack report.

I think it worthwhile for developers to have a look at this.

User avatar
Albert Wiersch
Site Admin
Site Admin
Posts: 3453
Joined: Sat Dec 11, 2004 9:23 am
Location: Near Dallas, TX
Contact:

Re: HTML 5 / HTML5

Post by Albert Wiersch » Fri Sep 25, 2009 8:54 am

MikeGale wrote:I see that Microsoft has commented on googleframe. I'm surprised.
Interesting. That makes sense to me. Running Chrome inside of IE (especially older versions like IE 6) seems "ripe for a security issue".
Image
Albert Wiersch

User avatar
MikeGale
Rank VI - Professional
Rank VI - Professional
Posts: 711
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: HTML 5 / HTML5

Post by MikeGale » Sat Oct 03, 2009 7:17 pm

I have now seen some analysis of this
http://j.mp/4Ccl1M

Pointing out some issues for developers, suggesting that this was triggered by Google frustration at the slow progress of Chrome.

Google has also announced Wave, which looks a lot like why they announced Frame.

I haven't managed to get any numeric estimates of how Frame will do from the developer community for the product.
Last edited by MikeGale on Tue Oct 06, 2009 3:30 pm, edited 1 time in total.

User avatar
MikeGale
Rank VI - Professional
Rank VI - Professional
Posts: 711
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: HTML 5 / HTML5

Post by MikeGale » Tue Oct 06, 2009 3:52 pm

On Googleframe.

As this seems to be developer only at present, and is not yet fully baked, you should be aware of what you are getting into.

It will also make your version of IE non standard, remember that when testing. (I haven't been able to get any numbers, let alone numbers I would take seriously, about when it may have enough users. So the jury is out.) The good thing is that you have to deliver special pages to even trigger it.

Google seems to be saying some odd things here. The add in is for IE 6, as far as I can see, but they talk about IE in general. That's misleading. (Is it deliberate?)

It could be an attack route into your browser. (That alone might scupper the add-in in the corporate world where IE6 hangs on. It seems that some companies have cut their web teams to near nothing, so they force IE6 to support older, legacy, internal applications. Without money to even maintain existing content, I can't imagine them wanting any headaches from browser changes (they've already worked hard to freeze browser deployment).)

I'm holding off until I think it worth investigating further.

User avatar
Albert Wiersch
Site Admin
Site Admin
Posts: 3453
Joined: Sat Dec 11, 2004 9:23 am
Location: Near Dallas, TX
Contact:

Microsoft should be Embarassed

Post by Albert Wiersch » Sat Oct 17, 2009 10:40 pm

Microsoft should be ashamed of itself after "secretly" including a Windows Presentation Foundation Firefox plug-in with the NET Framework 3.5 SP1 update that has some serious problems.

I'm glad Firefox is fighting back. I was notified that it was being disabled.
WPF.png
WPF.png (24.24 KiB) Viewed 7834 times
More info:
http://blogs.zdnet.com/security/?p=4614 ... nk;content
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.
Image
Albert Wiersch

User avatar
MikeGale
Rank VI - Professional
Rank VI - Professional
Posts: 711
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: Microsoft should be Embarassed

Post by MikeGale » Sun Oct 18, 2009 1:43 am

I think there's more to this than meets the eye.

WPF is a bit like Flash and maybe a bit like Java. There have been security holes in those that you can drive a truck through. Don't get reported much and some of them last for a very long time seemingly without being attended to.

I'd love to see good penetration of WPF onto browsers. It gives a way to escape the trap of zero or very little development in HTML for so long.

It'll be interesting to find out some details.

Post Reply