Sunday, September 7, 2008

A deeper look behind Google’s shiny new Chrome

Hey, look who’s got a new toy in town; it’s Google with its shiny Chrome web browser. I bet most of you must’ve known about Chrome already, Sammy even has posted a couple or more Qik video about Chrome usage at PalmAddict. I’m not going to tell you again about Chrome, because I’ve already done it; but instead this time I’m going to take you to see beyond & behind Chrome’s pretty face.

It only took hours for Chrome to become everybody’s new favorite web browser, the speed and the sleek look of Chrome have captured the heart of many Firefox users as well. Not only because Chrome is offered free like Firefox, but it also beats Firefox, IE & Safari on speed test comparisons.

Google’s Chrome has put a lot of pressure on those three already existing web browsers, which have been around for years before. But the search giant’s new baby web browser got everything it needs to be the best right now; speed & user friendly UI (User Interface). And so far, it’s only Mozilla who has responded to Chrome speed challenge.

Google is using its own collection of five JavaScript benchmarks and V8 (Chrome’s JavaScript Engine) to show how fast Chrome can handle sophisticated web applications such as Google Docs, Yahoo’s Zimbra & Zoho’s online application suite. But Mozilla countered with a different test called SunSpider. Firefox 3.1, which Mozilla hopes to release by the end of the year, comes with JavaScript acceleration technology called TraceMonkey. In Mozilla's test that pitted TraceMonkey-enhanced Firefox against the Chrome beta, Google's browser was 28 percent slower on Windows XP and 16 percent slower on Windows Vista.

It sounds so nice when the big boys are fighting to be the best, since the results will always good for us; end users. As for now, Firefox loyal users have to be patient and wait the v3.1 to come out. Although I think Mozilla should make it come out faster, or otherwise Firefox users will surely migrate to Chrome in time.

Why do I speak so much about this speed, and it makes me to look like a cheap car salesman? And why does Mozilla cares so much about it too? Yes, of course users love to have speedy surfing experiences rather than slow poke web rendering from the ’80 era. But for them, most importantly, is because fast browsing mean more & faster money coming in. Google is betting that its Chrome web browser will speed up web search, web advertising, and web applications. Now you know the dirty truth behind their healthy look alike competition.

And for Chrome’s sleek-clean UI, Google has set a higher bar for others to follow. And it’ll get better,
TG Daily uncovered a so-far hidden "themes" folder that's empty for now but that presumably could be used later to give Chrome different looks. Having a capability to change Chrome’s theme, will create a wider gap that Microsoft must overcome with its boring & unchangeable IE look.

Talking about Chrome’s advantages must’ve made you drool a bucket, but don’t wipe your drool yet cuz here comes another one. Google co-founder, Sergey Brin expects Chrome technologies will make it way to Android, the company’s first mobile phone platform. Chrome and Android were developed largely separately, Brin said in an interview at the Chrome launch event Tuesday. "We have not wanted to bind one's hands to the other's," Brin said. But you can expect that to change now that both projects are public and nearing their first final releases.

"Probably a subsequent version of Android is going to pick up a lot of the Chrome stack," Brin said, pointing to JavaScript improvements as one area. And the brand name likely will follow. "My guess is we'll have 'Chrome-like' or something similar," he said. With this it’s kinda confirmed, that the upcoming HTC Dream, the first Android handset to be released soon this year, is not going to have Chrome in it (for now).

”Kaachiiing…!!!” I heard the sound of cash drawer opens up more frequently at Google HQ, and we’ll be hearing more heavy sound of coins in Sergey Brin’s pocket. You know, inside of his army/sport-like pants that he love to wear everywhere he goes. ;-p

Speaking of Sergey Brin appearance, have you notice that he wore a cute pair of Croc sandals during Chrome press conference? Its color is nearing pink, and each of them is accessorized with tiny little turtles & pirate flag. –click on the picture to enlarge it—Very macho Brin, very macho indeed… ~LOL~

Still in the same press conference, Sergey Brin asked by BoomTown’s Kara Swisher if she'd try it out. "But you don't have a Mac version, baby, so no," Swisher tells him in this clip. "I know, I know, it's embarrassing," says Brin. "When is that coming out?" Swisher asks. Brin looks over his shoulder for PR help. He says: "Um, I don't have a date for you. I'm going to have to get back to you. I'm asking every day. I hope it'll be a matter of months." –head on to
Valleywag’s page to watch the excerpted interview--

So by now, even Google (in this case is represented by Sergey Brin) has acknowledge the growing presence of Mac in computer industry. Steve Jobs surely will be thrilled if he hears this. ;-)

Alrighty, it seems the drool bucket of yours is full now; and so it’s time to wipe off the left over at your chin there. After all of those sweet talks about Chrome, now it’s time to talk about the scary parts behind it. As I’ve told you before that Google is using Apple’s WebKit, an open-source project for the process of interpreting the HTML code, and it is not only getting all of the good genes but also inherit the bad ones too.

If you still remember it, I’ve talked about Safari’s bug called “
carpet-bombing” awhile back then. Researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.

Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning. In the
proof-of-concept, Raff’s code shows how a malicious hacker can use a clever social engineering lure — it requires two mouse clicks — to plant malware on Windows desktops.

The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser. Apple patched the carpet-bombing issue with Safari v3.1.2, so until Google updates Chrome with the new Safari’s patch then users have to be extra cautious using it.

The warning seems to be true, since some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.

If the copied Safari’s flaw is not enough to scare you, another one comes from an article on the Securiteam site; Rishi Narang from
Evilfingers says a crash can occur without user interaction. If a user is provided a malicious link with an undefined handler followed by a special character, Chrome crashes. In Google-speak, the browser displays a message "Whoa, Google Chrome has crashed. Restart now?" Narang found the fault in chrome.dll version 0.2.149.27.

Furthermore, Google is beginning to be more like Microsoft with Chrome’s Omnibox feature. The auto-suggest feature of Google's new Chrome browser will give Google access to any keystrokes that are typed into the browser's Omnibox, even before a user hits enter. A Google representative told CNET News that the company plans to store about 2 percent of that data--and plans to store it along with the Internet Protocol address of the computer that typed it. In theory, that means that if one were to type the address of a site--even if they decide not to hit enter--they could leave incriminating evidence on Google's servers.

A simple solution can be implemented to keep your privacy safe, simply by turning off the auto-suggest feature means that Google will neither get nor store this information. One can also select a search provider other than Google as their default to avoid having their search queries stored by Google. Switching to Chrome's Incognito mode also switches off the auto-suggest features, the Google representative said. If you want to make sure your web tracks are covered, just right-click the link and select "Open link in incognito window."

Now that I’ve talked about the scary parts of Chrome’s securities, I suppose I’m ending this post with happy ends. First one is handy keyboard shortcuts for Chrome, though you can find the complete shortcuts at this link, here are 4 of them that most useful:
  • CTRL + T for opening new browser tabs
  • CTRL + SHIFT + N automatically opens up a Chrome 'incognito' window which allows you to surf on a PC without leaving behind any digital footprints.
  • SHIFT + Escape allows for fast access to Chrome?s Task Manager utility that allows you to nix browser processes that have gone awry.
  • CTRL + SHIFT + T will open recently closed browser tabs.

Secondly is Easter Eggs that can be found by typing “about:” follow suit with the appropriate commands at Chrome’s address bar:

  • about:internet; you'll see a tribute to United States Senator Ted Stevens' take on the Internet.
  • about:memory shows how much memory the browser--and any other Web browser--is using. Conveniently for Web developers, it also shows how much each Web site in a browser tab is using.
  • about:stats shows a wide range of internal measurements such as the time taken to initialize Chrome, load Gears, or perform various operations while running JavaScript programs with Chrome's V8 engine. The page also carries the amusing note, "Shhh! This page is secret!"
  • about:version shows details of what version of Chrome is running, along with the user-agent text that the browser reports when identifying itself to web sites.
  • about:histograms graphs various performance measurements such as the time taken to autocomplete text users type into the browser.
  • about:crash crashes the active browser tab.

And for the last one, have a good laugh on the funny comic picture that portraits Microsoft’s Bill Gates on dealing with Google’s Chrome & IE8 new porn mode feature. The picture is courtesy from Joy of Tech, click on the image to enlarge it. ;-D

Sources are from:

[blogged with my Treo 750v]

No comments: