Today we launched our first Beta release of Google Chrome Frame (aka “GCF”).

In some ways it’s a strange product; it’s working best when you notice it least. As a developer, you shouldn’t have to think much about it other than to include the header or meta tag or and optionally add a couple of lines of script to prompt users to install the plugin — a process which notably doesn’t require a restart and doesn’t take users off of your site. There’s no new tool to learn, no new language you have to wrap your head around…in fact, the hardest part might just be putting down all the habits we’ve collected for catering to legacy browsers. The new features in Chrome Frame are all the existing features you haven’t been able to exercise yet.

As I’ve begun to build exclusively to modern browsers, the experience of concerted un-learning of hacks and the ability to write directly to the platform again, sans toolkit, has been eye opening. Yes, there’s still a lot that can be improved in DOM, CSS, and HTML, but things are moving, and the tools we need now aren’t the tools we have today. Better yet, there’s every indication that things are progressing fast enough that instead of building tools to bring up the rear, we’ll be building them to shield ourselves from the ferocious pace of improvement should we need them at all.

If you’re starting a new project today, I encourage you to prototype to HTML5 and modern features and then think hard about what you’re building and for whom. Do these apps really need to run on legacy browsers? Why not just use GCF to make that pain and expense go away. Once you’ve experienced how good modern web development can be — how rich and fast the apps you can deliver are — I’m convinced that you’ll find it hard to go back. The rich, open, interoperable web is the platform of the future, and I couldn’t be happier that GCF is going to help deliver that future.


  1. Sakuraba
    Posted June 9, 2010 at 1:12 am | Permalink

    As much as I would love to do exactly what you describe, how can I force my users to use a browser plugin that could undermine their needs in protection of privacy.

    We need something like GCF, but built by Mozilla, so we can be sure that we dont enforce a loss of privacy on our users.

  2. Posted June 9, 2010 at 8:04 am | Permalink


    I appreciate your concern about privacy, not least of all because I implemented many of the privacy features in GCF. Hopefully when you look closer you’ll see that what we’re doing is designed with your concerns in mind.

    GCF doesn’t undermine privacy protection in the slightest. In fact, one of the biggest changes between Dev and Beta was our addition of increased privacy controls. For instance, when you clear your cache in IE, GCF’s cache is cleared. When you remove browsing history, GCF respects that, and when you use InPrivate mode, GCF respects that too. We’ve worked very, very hard to ensure that GCF is among the best behaved plugins you can install as a user. As I said in the post, our goal is for things to Just Work — and that includes ensuring that user’s intent with regards to privacy is always respected.

    Further, GCF is Open Source. With last week’s release of the RLZ component of Chrome (which doesn’t get used in GCF since we don’t surface a search box), all of the Chrome codebase is available for you to peruse and come to your own conclusions about.

    So just to sum up: GCF is among the very best plugins in terms of respecting user privacy, it integrates completely with browser-provided privacy controls, and we’re doing all of our work in the open. I encourage you to join our mailing list if you’ve got further questions about GCF’s privacy features:

    We want your direct feedback and are happy to answer questions.


  3. Sakuraba
    Posted June 16, 2010 at 2:40 am | Permalink

    Thank you for your detailed explanation.

    Does that mean that GCF’s only concern is rendering a website and does not interact with Google servers at all?

    If so, why doesnt Google install it, e.g. during installation of Google Chrome or the Google Toolbar for IE? Would that be too evil?

  4. Posted June 17, 2010 at 7:15 pm | Permalink

    Hi Sakuraba,

    GCF’s sole job is to render websites, but it turns out that the web is complex and worse, dangerous. GCF uses the built-in malware protection mechanisms from Chrome. That means that GCF downloads a list of hashes of known-bad URLs from Google on a regular basis. If you visit a page that matches a hash in that list, then the exact hash may be sent to Google for a final “is this really bad?” decision. The reason we can’t turn this off in GCF is that it would be terrible if attackers could bypass malware checking in a browser by sending the GCF header. The protocol for this is open:

    This is the same system that Mozilla uses and a similar mechanism is implemented in IE8. Odds are if you’re using an even remotely modern browser, it’s already doing this in some form, perhaps in the exact same way.

    Similarly, GCF will check for updated versions of itself. That necessarily means sending a request to Google.

    If *and only if* you chose to opt-in to crash reporting and usage analysis (that checkbox in the EULA page in the GCF install flow), GCF will use the histogram service to send anonymous usage information back to Google to help improve the product. Again, this is not enabled by default.

    Since GCF doesn’t have any interaction with the toolbar in the host browser, concerns that some have about Chrome’s OmniBox implementation (which can be easily disabled) are moot for GCF.

    As for distribution, there are principles that every Google product is responsible to:

    They don’t preclude bundling, but they do impose good and strong constraints on how it would have to be done.

    Does that answer your question?

  5. Sakuraba
    Posted June 23, 2010 at 1:02 am | Permalink

    wow, you are a class act. I cant thank you enough for answering my question in such an informative way.

    I guess the fears that I posted here are general misconceptions that people have about GCF. Maybe you guys should emphasize those points a little more when pitching GCF.

    Another thing is the installation procedure. I guess a lot of users are scared when they get redirected to another page that tells them to install something. If I would redo that, I would design it like the installation of FlashPlayer, which is less intrusive in my mind.

One Trackback

  1. By Ajaxian » Google Chrome Frame Gets Beta Love on June 8, 2010 at 10:28 pm

    […] has a post on the beta itself: In some ways it’s a strange product; it’s working best when you notice it least. As a […]