微软猛击谷歌Chrome浏览器框架

It’s kicking-off! Microsoft is recommending that users avoid Google Chrome Frame because it’s a “security risk.” A company spokesperson issued the following statement:

它开始了！ 微软建议用户避免使用Google Chrome浏览器内嵌框架，因为它存在“安全风险”。 公司发言人发表了以下声明：

With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers.

使用Internet Explorer 8，我们取得了重大的进步和更新，以使我们的客户更安全地使用浏览器。

Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.

考虑到一般插件(尤其是Google Chrome)的安全性问题，作为插件运行的Google Chrome Frame已使恶意软件和恶意脚本的附加区域增加了一倍。 这不是我们建议我们的朋友和家人承担的风险。

Google quickly retaliated:

GoogleSwift进行了报复：

Accessing sites using Google Chrome Frame brings Google Chrome’s security features to Internet Explorer users.

使用Google Chrome浏览器内嵌框架访问网站为Internet Explorer用户带来了Google Chrome浏览器的安全功能。

It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months.

它提供了强大的网络钓鱼和恶意软件防护，而IE6却不提供此功能，强大的沙箱技术以及针对新兴的在线威胁的防御，这些攻击可在数天而不是数月内获得。

Is there any substance to Microsoft’s claims?

微软的主张有什么实质内容吗？

Quoting security possibly isn’t the best angle they could have taken; Microsoft lives in a big glass house and shouldn’t throw boulders. IE may now be more secure than any other browser but that’s not always been the case. Google has experienced a few security issues with Chrome but they have been dealt with quickly.

引用安全性可能不是他们本来可以采取的最佳方法。 微软住在一个大玻璃屋里，不应该扔巨石。 IE现在可能比任何其他浏览器都更安全，但事实并非总是如此。 Google在Chrome上遇到了一些安全问题，但是很快就得到了解决。

Also, how many virus and malware developers are specifically targeting Chrome? I suspect it’s a small number compared to those attacking IE — it has a far larger market share. When you’re fishing (or phishing), it’s logical to go for the big sharks rather than the small minnows.

另外，有多少病毒和恶意软件开发人员专门针对Chrome？ 我怀疑与攻击IE的用户相比，这是个小数目-它的市场份额要大得多。 当您钓鱼(或钓鱼)时，顺理成章地选择大鲨鱼而不是小than鱼。

Even if the Chrome browser was compromised, there’s no guarantee that Chrome Frame would be affected. As I recently reported, the plugin runs within Microsoft’s own sandboxed BHO environment. Are Microsoft saying that Chrome Frame could neutralize IE’s internal security? If so, it’s a good reason to block IE plugins or stop using IE altogether.

即使Chrome浏览器受到感染，也无法保证Chrome框架会受到影响。 正如我最近报道的那样 ，该插件在Microsoft自己的沙盒BHO环境中运行。 微软是否在说Chrome Frame可以抵消IE的内部安全性？ 如果是这样，这是阻止IE插件或完全停止使用IE的一个很好的理由。

Finally, it’s interesting that Microsoft only mention IE8. Chrome Frame probably wouldn’t exist if everyone upgraded to that browser, but many users are stuck with IE6 and IE7. Microsoft could have solved the problem if they had implemented an IE6 compatibility mode to the newer browsers, but that never happened and they’ve left Google to provide a solution.

最后，有趣的是，Microsoft仅提及IE8。 如果每个人都升级到该浏览器，Chrome框架可能就不存在了，但是许多用户仍然对IE6和IE7感到困惑。 如果Microsoft对较新的浏览器实施IE6兼容模式，则Microsoft可以解决该问题，但是这种情况从未发生，他们已经离开Goog​​le来提供解决方案。

Of course, Microsoft had to say something and they are unlikely to be complimentary about a Google product. Quoting security concerns is a cheap tactic; adding any plugin undoubtedly imposes a security risk. However, Microsoft should have removed their BHO system if those risks were anything other than negligible.

当然，微软不得不说些什么，他们不太可能对Google产品感到满意。 引用安全问题是一种便宜的策略； 添加任何插件无疑会带来安全风险。 但是，如果这些风险不是可以忽略的，Microsoft应该删除其BHO系统。

Come on Microsoft — stop wasting time berating Google and inadvertently giving more free publicity to Chrome Frame. Provide your own innovative solutions to encourage IE upgrades rather than letting competitors do it for you!

赶快来微软吧，别再浪费时间指责Google了，无意间对Chrome浏览器内嵌框架进行了免费的宣传。 提供您自己的创新解决方案来鼓励IE升级，而不要让竞争对手为您做！

翻译自: https://www.sitepoint.com/microsoft-google-chrome-frame-security/