File Under: Software & Tools

Mozilla VP on Why Google Chrome Frame Is a Bad Idea

If you’ve been thinking Google’s recently unveiled Chrome Frame plug-in for Internet Explorer might be the answer to all the web’s IE pains, well, you might want to think twice.

Mozilla’s Vice President of Engineering Mike Shaver says Google’s Chrome plug-in for IE is a bad idea. In a post on his personal blog, Shaver expresses his belief that the Chrome plug-in for IE muddles the user’s understanding of browser security, and in the end will create more confusion and little benefit. Shaver argues that simply telling users to switch browsers is far better strategy.

The controversy surrounds Google’s recently announced open-source plug-in for IE called Google Chrome Frame. Chrome Frame can be used to automatically force IE to load a website using the same WebKit rendering engine as Google Chrome, complete with its enhanced JavaScript rendering and support for HTML5 technologies like Canvas and embedded audio and video.

On the surface it sounds like a great way to get offer Internet Explorer users a way to enjoy the modern web — the Chrome Frame plug-in makes HTML5 tools work and renders pages according to web standards. However, while Chrome Frame might look good to web developers tired of dealing with Internet Explorer’s wonky rendering and antiquated feature set, Shaver doesn’t believe Chrome Frame is the answer. Rather, he thinks the far better solution would be to convince users of IE 6 or IE 7 to simply upgrade to the Chrome browser itself.

According to Shaver, “running Chrome Frame within IE makes many of the browser application’s features non-functional, or less effective.” He points out that using Chrome Frame in IE partially disables the browser’s private browsing mode and other security controls.

In a follow-up e-mail with Webmonkey, Shaver says his concerns are not so much “surface attacks” that Microsoft lashed out against, but rather how users will react.

Part of the problem he believes lies with the decision to allow site developers to trigger the Chrome Frame, which means users never get to know which browser is actually in control.

Shaver thinks the confusion such a situation creates will adversely affect users, pointing out a number of possibly confusing scenarios:

Will they get anti-phishing indications that they understand?

Is the dialog telling them about a problem from their browser, from the injected rendering engine, or from a spoofing site?

If they permit a site to know their location, is that being sent by the same rules as when they answered that on another site, with a different-looking dialog?

Do they understand what browser they’re using when getting support?

Are they really in private browsing mode?

Are they mad at Microsoft or Google if it crashes?

He also points out that many people who are forced to use IE 6 do so because they have no control over what software they use — for example a corporate network where system admins control the software that’s installed. In that situation, it’s unlikely users would be able to install Chrome Frame anyway.

See Also: