Tuesday, September 16, 2008

Google's Chrome loses a bit of its shine

When Google released Chrome I was rather interested. Then I found out it was based on Safari - generally regarded as the worst of the Windows browsers available, the least functional and the most insecure. But Google says that they have planned and built a secure browser.

Bullshit they have!

Google's Chrome browser has had more security flaws found in its first month of life than IE7 had in close to a year! That's an outstanding achievement! :(

Now, to mention only one of the many issues Chrome has, it allows - by default - files to be downloaded to the filesystem without prompting. I mean, how mind numbingly stupid would that have been in 1998, let alone now in 2008? And now this "feature" has been exploited.

To quote Nick FitzGerald as stated on the Bugtraq list:

...in a browser announced with such a massive hoopla about how it's been double-especially-extra-security-hardened from the outset, _that something more obviously sensible_ was not the _shipping default configuration_ is gob-stoppingly stupid; a fundamentally noob-ish design error.

In short, something that does not bode well for the product living up to the marketing hype.

Oh, and slapping the standard "we're Google so couldn't be arsed finishing it so will call it beta" label on it makes no difference. Fundamentally stupid is fundamentally stupid at whatever point in the development process that "feature" made its way into the product.

Come on guys - if you want to trump Microsoft, this is NOT the way to go about it. Security, Security, Security (to paraphrase a man I don't particularly think is doing anywhere near an acceptable job).


The Outspoken Wookie

No comments: