Google Chrome Security, Privacy, Technical Issues

The newly released Google Chrome has several issues which I believe makes it unusable.

Chrome claims better security than other browsers as each tab acts as a “jail”. Unfortunately, it’s very easy for a malicious website to download files onto your desktop or your download directory.

The “carpet-bombing” security issue

It takes nothing more than the following line of code:

<iframe src=”RandomFile.exe”></iframe>

Google Chrome then downloads RandomFile.exe into your downloads directory without any user prompt. For many people, the download directory is the Desktop. Being an executable file, it can have its own icon. So potentially, visiting a website through Google Chrome could lead to malicious executable files appearing on your desktop, which may disguise themselves as utilities such as browsers. Not only that, it takes just one click on an icon to launch it from Chrome without any warnings.

Privacy Issue with the Omni-Bar

The address bar (Omni-bar) has built in Google Suggest. This means anything you type into the address bar, including partial URLS, are sent to Google’s servers. Not only that, requests from the Omnibar send your Google cookies. That is, Google can link every single thing (URLs and searches) you type in the address bar back to your Google account and hence your personal identity.

The Coderrr Blog has some examples of requests sent to Google’s servers. It’s pretty scary.

It’s worth mentioning Firefox 3 and Google Toolbar’s auto-suggest features will do the same thing. However, they will only send search queries whereas Chrome sends URLs too. The Electronic Frontier Foundation are worried.

Stability Issue

You can crash Google Chrome by typing :% in the address bar. Don’t ask me why, I have no idea. Interestingly enough, Google Chrome has already crashed several times in the short amount of time I’ve had it. Firefox hasn’t crashed in a long while.

Technical Issues

Google Chrome can’t physically work on a Mac. There is no way to have multiple process rendering to one window on the Mac platform. And it looks like Firefox’s new Javascript engine is beating Google Chrome in benchmark tests.

Conclusions

Google Chrome is a new product and so I don’t think we should be too harsh on it. But what’s true is that there are siginificant security, privacy and technical issues with Google Chrome as it stands at the moment. I feel it’s partially irresponsible of Google to be promoting Chrome to end users on their Google homepages when the latest release of Chrome has so many issues.

What’s more, the browser was initially released with a clause in the EULA which granted it “a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through” the browser. It’s been removed now.

Recommendation: Stick with Firefox for the time being.

4 thoughts on “Google Chrome Security, Privacy, Technical Issues

  1. I think there’s every reason to be harsh. The general (albeit ‘beta’) release of Chrome is way too early, this product is only at beta test stage and should only have been released to beta testers. There are numerous major bugs.

    Google is in danger here of acquiring a reputation similar to MS for rolling out under developed and malfunctioning products.

    In brief this ‘browser’ is like a bad version of Safari with some IE6 bugs thrown in for good measure. All it currently succeeds in doing is creating a lot of extra work for developers. This is not a release build.

  2. I agree. My initial reaction to the release was: Why reinvent the wheel? Particularly when it’s already been invented so many times. Firefox is the industry standard.

    I’m sorry, we have another contender for the post of new Evil Empire.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>