Google’s Chrome, the new Web browser by Google, has been getting a lot of attention because of its simple approach to browsing the Web. Â But there is more here than meets the eye. It is all about the approach.
The new application has its flaws, for sure, but what it gets wrong it makes up for in what it gets right. Â Google has long been an advocate of speed. Â ”Speed is a feature.” Â Many other browser manufacturers, namely Apple, Microsoft, and Mozilla, have continuously strived to push the needle on speed, faster page loading time, and overall memory usage of their software products. They’ve done this while also trying to jam more features into the browser. Â What they’ve ultimately failed to do though, is what Google succeeded at; removing the application from the application.
Google’s approach here is interesting. Â This is the first real step towards making the Web the application, and the browser just the “thing” that loads it into view. Â Over on Daring Fireball John Gruber quoted this bit, which I find really interesting:
“In the long term, we think of Chromium as a tabbed window manager or shell for the web rather than a browser application. We avoid putting things into our UI in the same way you would hope that Apple and Microsoft would avoid putting things into the standard window frames of applications on their operating systems.”
You know how the iPhone or iPod touch loads web applications with nearly no UI unless you scroll up? Â That is sort of the approach that Google Chrome is taking. Â Just render the page in an insanely fast and stable way – that is the goal.
Is Google Chrome a “Single Site Browser” the way the next version of Safari is going to be or the way that Fluid already is? Â Sort of. Â In the “Page control” menu (not sure I like that name either) there is an option to “Create application short cuts”. Â You can install these shortcuts on your Desktop, Start Menu, and Quick Launch bar. Â Personally I think it would have been neat if they automatically asked to setup Gmail, Google Reader, Calendar, etc. when I installed – but everyone knows that they would have caught some serious heat for that if they did. Â For those of us liking the SSB experience, Google Chrome works.
It is tough to say what Google Chrome “gets wrong”. Â I’ve seen reports of various rendering problems, but I don’t think that is something Chrome got wrong. Â That is fairly easily fixed in the next version so long as they iron out their use of Webkit.
To sum up; the approach Google is taking here is refreshing. Â Clean, simple, and fast. A feature for feature comparison of Google Chrome against any browser would not be a fair way to gauge its affect on the marketplace. Â Time will tell.
Now, when they release a Macintosh version, then I’ll really kick the tires.
Chrome is one of the most interesting entires into the browser market in a long time. I really hope this project flourishes.
Chrome is one of the few browsers to actually take security as an integral part of the design. The “one process per tab” design, and the sandboxing of the rendering process is impressive. It shows a “denfence in depth” mentality.
The only other browsers that do this kind of deep-ingrained security design are IE7 and IE8 (IE8 moreso). Firefox and Safari don’t have anything like it.
Chrome is also one of the few browsers that supports ActiveX plugins out of the box, which is awesome. Google’s developers didn’t get sucked into the “ActiveX is a security problem” mantra that seems to permeate the Internet. (Hint: ActiveX is no less secure than the Mozilla’s NPAPI.)
Nice tidbit about the ActiveX “built in”. That is something I didn’t realize.
Go to “about:plugins” in Chrome. You’ll see what I mean.
It’s a shim that allows ActiveX controls to work. It’s not full-blown ActiveX support, but at least it’s something.
It looks like the primary plugin API for Chrome will still be NPAPI, which makes sense given its WebKit roots.
ActiveX is a security hole in a way that NPAPI isn’t, because ActiveX includes a mechanism to automatically install and run controls directly from a remote website, where NPAPI requires you to explicitly download and install plugins. The hacks that Microsoft has added to ActiveX have not resolved the fundamental problems in Microsoft’s “security zones” model, they have simply made moderately secure use of ActiveX controls LESS convenient than downloading and installing a plugin.
ActiveX requires user intervention to install. Always has. If a user installs a malicious ActiveX control, it means they chose to install it (same as NPAPI).
Futhermore, the installation mechanism of the plugin is entirely tangential to the actual security of the plugin. BOTH ActiveX and NPAPI allow abritrary executable code to run with full process privelages.
If anything, ActiveX comes out ahead because of its security zones.