Wednesday, 31 August 2011

Google launches an Elevated Privilege Chrome Frame for non admins

So it appears that Google thinks people should use their Chrome browser even if they work at a company that restricts things of this nature (often with very good reason). Although you will not hear much about this, it has been a well-documented fact that Chrome caches web pages (even in private mode) and also runs certain applications after Chrome is closed. These APIs read and write data to the System Volume Information folder and also do a few other things that are suspicious at best. This (amongst other things) has caused more than a few companies to ban the browser from use inside the corporate network.

However, Google still thinks that it has the right to let people by-pass these restrictions and install software that is not authorized. They have done this with a plug-in called Chrome Frame. Chrome Frame is an API that allows a web page to be rendered using Chrome’s engine inside the currently running browser. I guess this is for people who do not want to use multiple browsers, and it is fine as long as it is something they want to install and (in the case of someone at their place of employment) it is authorized to be installed. This was not good enough for Google, though: they have written a version of the plug-in that allows it to be installed with elevated privileges, by-passing restrictions that are in place to prevent this from happening.

Now, I know there are some who will not understand why this is bad. They will say that people should be able to view the internet and that companies that are still on IE6 or 7 (which are no longer supported by Gmail and other Google sites) are hindering their employees. However, most companies have fairly strict policies on browsing. This is mostly to prevent malware but also to help increase productivity. I know at more than one company I have worked for we provided internet systems in the break room and lunch room, but prevented all browsing on the users' workstations. We also were never hit with a virus on any user desktop, but had them on the employee internet systems. So it is not unusual to place these restrictions on browsing. It is entirely wrong (not to mention arrogant) of Google to create something that by-passes these restrictions. It also opens up a vector for attack, as someone will find a way to usurp the plug-in and execute code through that elevated API. It is nothing short of malware all on its own.

