Page 1 of 1

Google Chrome Frame plug-in for IE

Posted: Wed Sep 23, 2009 4:50 pm
by MikeGale
I don't have useful insights into the environments that still use IE6, but I can imagine some friction.

I am personally opposed to web sites that say things like "you have a really horrible browser, download this one...". (Also I still sometimes see sites that say optimised for Netscape 4.x or whatever, another way to get a great laugh!!) I consider a message from your page to download Chromeframe in that same light. Imagine if somebody on a slow connection goes for it and then loses a lot of time while it all happens (and maybe fails). Having them hate you might be the least of your problems. If they come after you with a baseball bat can you be entirely surprised?

If I were ever to use this I'd probably detect browser at the server and deliver different content. (Which is a whole other can of worms.)

A good thing is that it is fully opt in. If you do nothing you are not involved.

If I found that a site was getting an important number of IE6 visitors with the chromeframe already there it might be worth considering.

Re: HTML 5 / HTML5

Posted: Fri Sep 25, 2009 12:26 am
by MikeGale
I see that Microsoft has commented on googleframe. I'm surprised.

See for some details.

It refers to a security analysis run across the major browsers. Interesting stuff. See for the phishing attack report.

I think it worthwhile for developers to have a look at this.

Re: HTML 5 / HTML5

Posted: Fri Sep 25, 2009 8:54 am
by Albert Wiersch
MikeGale wrote:I see that Microsoft has commented on googleframe. I'm surprised.
Interesting. That makes sense to me. Running Chrome inside of IE (especially older versions like IE 6) seems "ripe for a security issue".

Re: HTML 5 / HTML5

Posted: Sat Oct 03, 2009 7:17 pm
by MikeGale
I have now seen some analysis of this

Pointing out some issues for developers, suggesting that this was triggered by Google frustration at the slow progress of Chrome.

Google has also announced Wave, which looks a lot like why they announced Frame.

I haven't managed to get any numeric estimates of how Frame will do from the developer community for the product.

Re: HTML 5 / HTML5

Posted: Tue Oct 06, 2009 3:52 pm
by MikeGale
On Googleframe.

As this seems to be developer only at present, and is not yet fully baked, you should be aware of what you are getting into.

It will also make your version of IE non standard, remember that when testing. (I haven't been able to get any numbers, let alone numbers I would take seriously, about when it may have enough users. So the jury is out.) The good thing is that you have to deliver special pages to even trigger it.

Google seems to be saying some odd things here. The add in is for IE 6, as far as I can see, but they talk about IE in general. That's misleading. (Is it deliberate?)

It could be an attack route into your browser. (That alone might scupper the add-in in the corporate world where IE6 hangs on. It seems that some companies have cut their web teams to near nothing, so they force IE6 to support older, legacy, internal applications. Without money to even maintain existing content, I can't imagine them wanting any headaches from browser changes (they've already worked hard to freeze browser deployment).)

I'm holding off until I think it worth investigating further.

Microsoft should be Embarassed

Posted: Sat Oct 17, 2009 10:40 pm
by Albert Wiersch
Microsoft should be ashamed of itself after "secretly" including a Windows Presentation Foundation Firefox plug-in with the NET Framework 3.5 SP1 update that has some serious problems.

I'm glad Firefox is fighting back. I was notified that it was being disabled.
WPF.png (24.24 KiB) Viewed 8953 times
More info: ... nk;content
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.

Re: Microsoft should be Embarassed

Posted: Sun Oct 18, 2009 1:43 am
by MikeGale
I think there's more to this than meets the eye.

WPF is a bit like Flash and maybe a bit like Java. There have been security holes in those that you can drive a truck through. Don't get reported much and some of them last for a very long time seemingly without being attended to.

I'd love to see good penetration of WPF onto browsers. It gives a way to escape the trap of zero or very little development in HTML for so long.

It'll be interesting to find out some details.