The latest version of Google's Chrome browser presents a privacy risk through its search-term tracking, a Microsoft security executive has said.
Microsoft general manager Amy Barzdukas, who heads up Internet Explorer and consumer security for the software company, said on Wednesday that Chrome 3.0 sends packets of information to Google every time a character is typed into its search box.
"With Google Chrome 3.0, every keystroke you type is sending a packet to Google," Barzdukas told an audience at the RSA conference in London. "Browser vendors need to be careful with privacy."
Google's browser has already come under criticism from Microsoft over privacy. In September, the software maker said Google Chrome Frame — an Internet Explorer plug-in that replaces IE's rendering engine with Google's — doubled the attack area of the Microsoft browser.
Microsoft is engaged in a competitive battle with Google, which in July introduced Chrome OS, a web-focused operating system that goes up against desktop-focused Windows. Microsoft itself has launched its own search engine, Bing, to compete with Google's market-leading product.
Google has said it is taking a fresh look at the security architecture in both the Chrome browser and operating system so users do not have to deal with viruses, malware and security updates — all of which have affected Microsoft's products.
In her keynote speech, Barzdukas used an HTTP debugging proxy called Fiddler to demonstrate that IE8 does not send data back to Microsoft following each keystroke into its address box. She then contrasted that with the Chrome 3.0 browser, which sent data packets back to Google following each keystroke.
Several of Google's products monitor user activity and aggregate the data collected, with this information being used to serve contextual ads and other features.
Google on Wednesday denied that its Chrome browser compromised user privacy. In an email statement, a Google spokesperson said that Chrome sent typed letters to a web service so that users would have predictive functionality in search.
"In order to offer suggestions of URLs and queries based on what you type, Google Chrome must send the letters you've typed to a web service for relevant suggestions," said the spokesperson. "Google Chrome always uses your default search provider for suggestions so if your provider of choice offers a suggest service, you can use that service and nothing is sent to Google."
The spokesperson said that in Chrome, users can turn off the Suggest feature in Options, under the Basics tab. Furthermore, people can use "incognito mode", where Suggest is automatically disabled.
If the information is sent to Google, the company doesn't log data in 98 percent of cases, said the spokesperson. In 2 percent of cases Google anonymises its logs within 24 hours, the spokesperson added.
Talkback
Our processor cycles keep getting gobbled up all these crappy background operations going on before you've even done anything.
"Google has said it is taking a fresh look at the security architecture in both the Chrome browser and operating system so users do not have to deal with viruses, malware and security updates"
Whats your name ? Moses, yeah right.
Next thing they may do is send an add-on, in an update without the users knowledge, with a gaping security hole. Also, why is it that everyone is concerned about security in IE except MS?
The way I see it each should be worrying about whats on there own plates and not what others are doing except in the case of ms coming forward and saying google's plugins are compromising there browser.
As far as google are concerned to actually come forward and more or less state that there offerings will be virus/malware free is a bit stupid at best, and I would be very much less inclined to believe anyone stating such.
Having said that thanks to dynamic software technology's being developed for facilitation of things like rapid ad sense delivery and alike, this has contributed a great deal to the expansion & rapid delivery of malware in general, so google isn't exactly innocent in all this.