News

Google Finds Way To Bypass Internet Explorer Engine

• By Kurt Mackie
• September 24, 2009

Google introduced a coding plug-in for Web site developers that instructs Microsoft Internet Explorer browsers to use Google Chrome technologies.

The plug-in, called "Google Chrome Frame," was announced on Tuesday and is still at the early release stage, according to a Google blog. The blog features a video suggesting that IE 8 will pass the Acid3 test while using Google Chrome Frame. It also suggests that developers will see better support for rich Internet applications by using the plug-in.

The switch is triggered by adding a single tag to a Web site's HTML markup. It tells IE to use the open source WebKit Web content engine favored by the Google Chrome browser rather than Microsoft's IE Trident layout engine.

Web developers can take advantage of upcoming HTML 5 technologies and "recent JavaScript performance improvements" by using Google Chrome Frame, according to Google's blog. However, HTML 5 is still at the draft stage. W3C documentation points to a release milestone for the HTML 5 recommendation sometime in 2009 to 2010. A Google spokesperson said that final changes to the HTML 5 spec might happen in October or November, but "it's still a long process after that."

HTML 5 will have offline capabilities allowing calendar or e-mail applications to sync, as well as audio and video tags that don't depend on the browser using Adobe Flash or Microsoft Silverlight, the Google spokesperson noted.

A spokesperson for Microsoft explained in a released statement that "HTML5 is still a standard in progress and the makers of it say it will be years at least before it's done, so no one can standardize on it." The spokesperson added that all browsers support parts of HTML 5. Internet Explorer supports the following features in the current spec:

• "The DOM Store -- that allows developers to store content and data on the end users computer
• Cross Document Messaging
• Cross Domain Messaging
• Ajax Navigation
• ContentEditable"

The statement provided by Microsoft suggested that there could be security repercussions to using Google Chrome Frame.

"Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts," the statement explained. "This is not a risk we would recommend our friends and families take."

Microsoft referred people to studies by NSS Labs, funded by Microsoft, on the protections afforded by browsers against phishing attacks and malware. Those studies found IE 8 to be one of the safest browsers.

A statement from Google took a different view on the alleged security risks of its browser and plug-in.

"While we encourage users to use a more modern and standards compliant browser such as Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who don't, Google Chrome Frame is designed to provide better performance, strong security features, and more choice to both developers and users, across all versions of Internet Explorer."

Google's statement cited protections against malware and phishing, as well as its sandbox security technology, plus frequent browser updates to meet emerging online threats.

A Microsoft blog accused Google of messy coding practices with Google Chrome Frame. Felix Wang, a Microsoft Web evangelist, indicated that the use of Google Chrome Frame interfered with IE 8. It also mangled a Windows registry setting, he explained.

"If any googler wants to investigate, just drop me a line and I'm happy to provide MPS report or other troubleshooting data for diagnostics," Wang wrote.

The Google spokesperson said in a phone call that Google is currently working on a bug fix to the problem described by Wang.