This week, Google wowed the tech crowd by unleashing it’s newest of oh-so-many betas upon the world: Google Chrome Frame (original announcement). Google Chrome Frame is an Internet Explorer plugin (specifically a BHO, or Browser Helper Object, in IE land) that gives versions 6, 7 and 8 of Microsoft’s ever-so-beloved browser the ability to render pages with Google Chrome’s WebKit-based rendering engine instead of Internet Explorer’s Trident engine. Which brings up a few important questions:

Why add an alternate rendering engine to Internet Explorer?

Well, dear friend, Internet Explorer, especially pre-version 8, has notoriously disrespected web standards and has had a unique (read: wrong) interpretation of how HTML and CSS should be rendered on page. IE8 went a long way towards correcting Microsoft’s mistakes of the past, finally bringing its rendering engine up to par with the more modern Gecko (Firefox) and WebKit engines (Safari, Chrome). Nevertheless, IE8 still does not support native XHTML or CSS3, which is pathetic, and has no support for the emerging HTML 5 standard, which is tragic. No support for HTML 5 also means no support for companion technologies such as SVG/Canvas, Geolocation, Database and Application Cache or Web Workers. The combination of HTML 5, CSS3, and all of these companion technologies finally lays an open-source foundation for web development that can rival or even exceed the interactivity provided by plugins such as Flash or Silverlight, and IE users don’t have it.

Google is one of the entities spearheading HTML 5 and all that it entails, but their motivation for bringing Internet Explorer into the fold goes beyond that. Another new Google product, Wave, is readying to hit the stage and promises to be revolutionary to the way that we communicate and interact online. It is so revolutionary, in fact, that it could only truly be created with these budding new technologies, technologies that at present are 100% unsupported in Internet Explorer and its 65% or so share of the market (users). Google had a choice to make: they could either kill themselves in the (most likely futile) attempt to make Wave work with Internet Explorer, exclude over half the Internet from using Wave, or find some way to bring the features of HTML 5 to Internet Explorer. Google chose door number three and the result is Google Chrome Frame.

How does Google Chrome Frame work?

The end user downloads the Chrome Frame plugin and installs it in Internet Explorer. From the user’s perspective nothing really changes. They still use Internet Explorer to browse the web and most pages are actually still rendered using the Internet Explorer Trident engine. But, when the user happens upon a page that needs HTML 5’s class of features, Chrome’s WebKit-based engine takes over and renders the page instead. The nice part is that the Chrome Frame plugin only affects page rendering and, then, only when it’s activated. All of the user’s bookmarks, saved passwords, history, etc. are all still saved and managed in IE. Truly, from the user’s perspective virtually nothing changes, but under the hood, their browser’s abilities have been expanded enormously opening up a new world of interactivity and features that Microsoft was too short-sighted or ambivalent to add, themselves.

Now, I mentioned that most websites will still be rendered with Internet Explorer’s Trident rendering engine. This is because Chrome Frame is a two-part process. The end user must install the plugin, but the site developer must call it into action when needed. That is done very simply by adding the following meta tag to your site’s head section.

<meta http-equiv="X-UA-Compatible" content="chrome=1">

That’s it. Once the tag is seen, Chrome’s rendering engine will fire up and take over, delivering the content and features that would be otherwise unavailable. The brilliant part about all this is that it doesn’t require any major changes on the user’s part. They don’t have to worry about installing a new browser, getting used to a new interface, porting over bookmarks and such. They just have to install a simple plugin, no different in theory than installing Flash or Silverlight so you can access a site based on those technologies.

Does this mean web developers can finally stop worrying about IE?

Google’s announcement of Chrome Frame was, of course, met with much cheering and fan-fare from the developers in the trenches dealing with the beast that is Internet Explorer on a daily basis, but unfortunately, the fairy-tale “happily ever after” ending may not come for a long time, if it comes at all. Microsoft has confounded matters by releasing a statement warning Internet Explorer users to avoid installing Chrome Frame. Why? If you said PR postering, you’re close (and probably right, in all actuality), but the official rationale is that it will undermine Internet Explorer’s security leaving you vulnerable to attacks that wouldn’t effect normal Internet Explorer users.

Ars Technica called BS on Microsoft this morning, and their article is worth a read if you haven’t come across it, yet. To summarize, though, Microsoft bases its claim on two points: 1) installing Chrome Frame “doubles the attach area for malware and malicious scripts” and 2) Chrome is inherently less secure than Internet Explorer. Both of these points are half-truths and, honestly, don’t amount to a truly good reason not to install Chrome Frame.

First, doubling the attach area (places or means to break through the browser’s security protocols) for malware doesn’t really make sense. In truth, it might actually make the browser more secure because it creates a Frankenstein that would most likely thwart malware targeted specifically at either Internet Explore or Google Chrome in their separate forms, simply by posing unanticipated hurdles for the malware.

Second, Microsoft’s claim to “most secure browser” is based solely on two Microsoft-sponsored studies: shaky ground to say the least. Quite to the contrary, Emil Protalinski of Ars Technica details:

In March 2009 … Chrome was the only browser left standing after day one of the famous Pwn2Own contest, where security researchers competed to exploit vulnerabilities in web browsers, while Firefox, Safari, and Internet Explorer were all successfully compromised. Microsoft argues that Chrome only remained unscathed because nobody attempted to exploit it, but the fact remains that none of the researchers had vulnerabilities for Chrome in mind before going into the contest.

No browser is 100% secure, but with data from both sides, the point could be made that they all have reasonably the same level of security. Simply adding Chrome into the mix is not equivalent to making Internet Explorer less secure, and if the results of the Pwn2Own contest are any indication, it might actually make Internet Explorer a little more secure. Nevertheless, it’s probable that Microsoft’s warning will carry weight and, unfortunately, dissuade some Internet Explorer users from installing Chrome Frame.

In Closing

It can only be hoped that technologies such as Google’s Wave will entice users to at least install the Chrome Frame plugin if not ditch IE altogether. Microsoft’s glacial development cycle for Internet Explorer combined with their seeming ambivalence towards the cutting edge will always put IE behind the pack compared to its modern open-source and mostly community-driven and developed competitors. Google Chrome Frame gives developers some hope of being able to use cutting edge technologies now instead of whenever the lumbering beast of Redmond decides it’s finally time, and in many ways it also extends an olive branch to the users of Internet Explorer: we’re not going to force you to change, just to adapt. It doesn’t get more sensible than that.

Share on Facebook