Google Chrome out for one day, already reasons to avoid

As we reported yesterday, Google has released the first beta of their new web browser, Google Chrome. Within a day of its release, there are already a couple of points that users should be cautioned of before using this new browser.

The first, is the popular "carpet bomb" vulnerability that still exists within Chrome, as pointed out on our forums by our member matessim. This vulnerability allows malicious websites to drive by download and execute programs on your machine. Our visitors may remember the uproar that this same vulnerability caused for Safari users, and that Apple patched the carpet-bombing issue with Safari v3.1.2. Chrome is vulnerable to this exploit because it is based on the same engine, WebKit 525.13, and Google did not patch or update the engine before releasing the software.

The other, and less technical, problem with Chrome exists in its EULA. More specifically, the point that would seem to give Google rights to anything you post on the Internet while using their browser, mostly in conjunction with the promotion of its services.

Update: Google has rectified the EULA issue.


"By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services." Not exactly something you're used to seeing in a web browser's license agreement.

There is also the point that Google reserves the right to automatically update and install Chrome. Interesting, "the software which you use may automatically download and install updates from time to time from Google. These updates are designed to improve, enhance and further develop the services and may take the form of bug fixes, enhanced functions, new software modules and completely new versions. You agree to receive such updates (and permit Google to deliver these to you) as part of your use of the services." ... so says the EULA.

Now we're all used to seeing automatic update functions built into software. It seems that almost anything you install these days has one. However, very few demand that I install their updates. What if I don't want to because the new version includes a bug or breaks something else on my computer? Although, one would hope that they'd use this automatic update feature to fix the flaw pointed out above.

View: Google Chrome EULA

Report a problem with article
Previous Story

eMusic rattles ISPs over legal downloads

Next Story

Demigod Hands-on Preview and Fresh Screenshots

83 Comments

Commenting is disabled on this article.

[img]it looks pretty, BUT:

- why does it install itself in C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[i] ? What's wrong with "Program files"?

- why does it run 3 chrome.exe processes at once?

- did they really fix the bug?


I need more pros for using it. Until then, FF RULES!

I'm an experienced Web designer who's used Windows from 3.1 to Vista, and who's tried countless versions of Netscape, IE, Firefox, Opera and even Safari over the last 10 years. Until now I've been a FF3 user who used IE7 frequently as well.

I was as worried as you were by the content of that Google EULA, but was not surprised to later learn it was a mistake. A bit of an embarrassing blunder for Google, but certainly not the deliberate subversiveness you all thought it was.

As for the looks, I like Chrome because I think Firefox is ugly (in its default theme) and I've been waiting years for a browser that's as pretty, smooth and uncluttered as Chrome is. I love the subtle bluish white texture of the navigation bar, the subtle animations when you move tabs and things, and the transparent window title (yes, I'm using Vista which is also very nice). So we all differ on what we think of the appearance, which just shows our diversity really. Of course, FF has customisable themes which is good, but it's even better for me that Chrome suits my preferences without even trying!

On engine, I'm disappointed - annoyed even - that Google haven't fixed the carpet bomb flaw, but when they do very soon, the whole argument of this article will be null and void. OK, leave this browser for now if you like, but when it's matured a little bit, I think you might want to reconsider. I never thought I'd be using what is effectively Safari, but Chrome gives us Safari's fantastic speed (it really is wonderful) but without Safari's drawbacks (horrible anti-aliasing and a silver Mac-like interface that fits with Windows' look and feel about as well as a square peg in a round hole).

Finally, on features - it is of course an early beta, but already its feature set is not far off the other major browsers, and is ahead in some ways. That's impressive. I can happily live without RSS and things for now. Print Preview would be nice too, but I'm sure many of these things will come in time. I look forward to seeing how this develops.

Well, judging from the number of downloads of Chrome that have been reported, and the number of page hits probably being generated as a halo effect of that mass interest...you do the math. This'll probably be stickied until sometime in October...

Tried it, Google installer setup in my startup programs list...BYE-BYE! Gone. Oh and guess what, its still there in startup after you uninstall Chrome. I don't care what it is, when I uninstall something I expect it to be GONE! I'm not as mad as it seems, I just hate that tho...especially a file sitting in startup without asking me if I might want to leave that there for future installs or whatever... just ask..or SUCK! Not mad...wheres that friggin flip off smiley!

(solardog said @ #45)
Tried it, Google installer setup in my startup programs list...BYE-BYE! Gone. Oh and guess what, its still there in startup after you uninstall Chrome. I don't care what it is, when I uninstall something I expect it to be GONE! I'm not as mad as it seems, I just hate that tho...especially a file sitting in startup without asking me if I might want to leave that there for future installs or whatever... just ask..or SUCK! Not mad...wheres that friggin flip off smiley!

I install it today and unistall it today - all gone. Maybe version I used was updated beta (c;

Google is becoming suspicious in my mind and that's not good. If the EULA language comes back in any form, I will never use Chrome and almost certainly never trust Google again.

Chrome is just as feature packed as a naked Firefox. Love how people compare 0.2.149.27 to a 3.0.1 or a 9.52 or whatever Opera is these days.

Not a fanboy...but I LOVE this browser. Nothing is without its flaws, but hot dang it's quick. Just some wish list items:

- I'm anal about capitalization of words on context menus. Whose idea was it to type successive words without capitalizing the first letter?!

- Add additional selections to the right-click menu like Refresh and Add Bookmark.

- Add a Google Sign-In Manager. I'd like to utilize Google Bookmark service instead of locally-stored bookmarks.

Its probably so fast cos your browsing google cache instead of the internet... being that google has the whole internet cached its almost like the real thing :P

Someone download the Source, Re-Compile, bring it out with a slightly different name and scrap the EULA.

Easy eh?

After reading this, I will never install this crap on my PC. This now makes me want to avoid using Google for everything.

Other than the fact it's Google, and I'm NOT one it fanboys, this thing is just plain fugly, and I usually don't give a rip about looks. Bookmarks are totally ignorant. 4 processes just to run a browser? Rediculous. Auto update stuff, no way, ain't happening on my machines.

Installed and uninstalled within 10 minutes!

Didn't notice the GoogleUpdate.exe.
Ok, its going off my PC.

Don't like having extra stuff too.

I hope other browsers will adopt some of the ideas of Chrome though.

and which browser doesent have security flaws...i think google hit the mark with this one...the speed is fantastic...does everything a basic browser should do...plays media,ssl/hhtps, spell check, multi-threaded...for a newbie at this game i think google hot the spot now they just need to throw in some customization options, maybe publish a sdk for third party plugins, and then your set!

rock on google!

Agreed on the speed - it really does seem to fly on my machine compared to fx3.1 and IE8 (beta2).

I doubt I will end up using it as my main browser but it definately as potential.

I could not install it. I run the exe and it installs the updater, but the program is nowhere to be found.

The browser is incredibly stupid also. Its way too plain, and they have the stupid scroll wheel going the OPPOSITE way. It should be scrolling like any other browser does (it should scroll down when you move the wheel down... not up).

(TC17 said @ #30)
The browser is incredibly stupid also. Its way too plain, and they have the stupid scroll wheel going the OPPOSITE way. It should be scrolling like any other browser does (it should scroll down when you move the wheel down... not up).

I'm not quite sure what you mean - it works fine for me? Plus I love the plain, I make my OS look as simple as possible every time I reinstall.

Oh sweat LORD why isn't there a 64-bit version of Flash out yet!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Anyone have any idea's on making Chrome work in 32-bit mode so I can install flash and use it on a 64-bit system?

It downloaded and installed the plug-in 4 or 5 times saying it was finished but never worked, seems fine now.

ALSO THIS WEBSITE LOADS VERY VERY SLOW ON Chrome, it gets stuck after the 2nd part of the home page. Anyone have this?

It's a build number, not a version number ;)

There aren't specific versions, just build numbers afaik. They do have a strange way of doing the numbers, though.

Favorites are commonly visited sites, like Neowin.

Other bookmarks is where you hide your porn connects. Actually less visited sites. I have about 12 favorites, and 40 not so favorites. The 12 I keep handy right across the top, the other 40, out of the way.

Great, #23!
Microsoft's gonna start doing that obligatory automatic update thing in XP, and it's an OS.
I'm in love with Chrome right now and if it's everything they talk about in the comic book, and a lot of that I can see that's true, oh god, I'm in heaven!

OMG WOW!!! Most of you need to log off, take off the tin foil hat, and go get some sleep.

Wait! Right now Google agents are looking over the entire web for posts made with chrome so as to steal them and reproduce them later. Muwahaha

I mean really, small amounts of info to gear ads, big frigging deal. Do you use Gmail... We can read your mail... email admins have that power...

Go read the Eula for the OS you are posting from, the word program you wrote your resume in, or the other browsers your surf your bank account in.

Every time you type in a search in Google, or any other search engine, you are handing over your info. Search habits of a people with in a certain geographic area. Now they can gear ads to you with out specific details.

This stuff has been going on long before chrome. It's common practice.

I for one love chrome. Its won me over. Fast, minimal, and stable. Yeah there is a bug which will be patched. I mean after all this is a working beta release. My chrome will update itself when the new release comes. Built in auto update for the win.


CEO Google
Eric Schmidt

By the way, if you want to kill Google's updater, just stop it starting up from within msconfig.

Fairly sneaky tactics by Google, I must admit :(.

Hahaha, now instead of people adding a signature tag line like " Posted while mobile", "Sent from my iPhone", or something similar it will be something like "Posting made possible by Chrome", "Thought of while using Chrome", "Created with the help of Big Bro Chromagnum" hahaha

Chrome has potential but only if Google revisits and updates their EULA; I for one will NEVER use this browser knowing that Google will give advertisers my info.

"The other, and less technical, problem with Chrome exists in its EULA. More specifically, the point that would seem to give Google rights to anything you post on the Internet while using their browser, mostly in conjunction with the promotion of its services"

This will be shocking only to those with extremely limited experience in technology. To the rest of us, this is absolutely expected of Google.

A great testament to their "do no evil" motto.

Not paranoia, its black and white, right in front of your eyes. I usually would have the same reaction, but this is different.

It's not going to matter. It is based on website, yet lacks the hideous interface on Windows (Safari). This is Google we are talking about. This software in all purposes was made for their services (Gmail, Google Docs). The Mac and Linux versions will be released. Issues with the EULA will be "solved." Java script bugs will be fixed.

I almost feel sorry for Opera and the lesser browsers. I don't really see issues with Internet Explorer and Firefox loosing significant market share. Yet... A plug-in API and three stable platform releases later and I would be worried. It likely will happen.

(DARKFiB3R said @ #13)
"Are you sure you want to uninstall Google Chrome, was it something we said?"

**** yeah, see ya.

I lol'd when I just installed, perhaps they knew. :eek:

Looks to me like it will be a great lite browser with plenty of features, but i will wait for a few more betas and official releases before i use it

A company notorious for capturing, holding and profiling users....and you want me to download the browser now too so they can capture even more? Not to mention the problems listed in the origional post.

Okay. I get the joke.

Sounds scary. Can anyone show us an example of the work that google has reproduced from someone's email/posting etc? I'd seriously like to see it, because that's very scary.

Well anyway, I don't think they'll care much about reproducing my digimon fan fictions. Who cares.

People trust Google even after so many instances of them being the Big Brother of the internet.. Its just remarkable :\

The great double standard...

If Microsoft tried to pull some crap like this, people would be screaming bloody murder.

(BigBoy said @ #7.1)
The great double standard...

If Microsoft tried to pull some crap like this, people would be screaming bloody murder.

A company with a fruity rainbow coloured logo seems harmless to people I guess :P

Actually, you may be wrong on that one....

Section 9.4 of the EULA says:

9.4 Other than the limited license set forth in Section 11, Google acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Content that you submit, post, transmit or display on, or through, the Services, including any intellectual property rights which subsist in that Content (whether those rights happen to be registered or not, and wherever in the world those rights may exist). Unless you have agreed otherwise in writing with Google, you agree that you are responsible for protecting and enforcing those rights and that Google has no obligation to do so on your behalf.

So you may think, great, I own my stuff, even if it is not registered (as usual on copyright practice) then you go to 11..:

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

Which completely cancels out the first! there is no qualifier here, you retain all the rights but you grant us use of it for free...that is what is saying, so you are granting google use of that lovely picture you send to Aunt Clare, which you also have in istock, for free. As you read 1.1...

1.1 Your use of Google�s products, software, services and web sites (referred to collectively as the �Services� in this document and excluding any services provided to you by Google under a separate written agreement) is subject to the terms of a legal agreement between you and Google. �Google� means Google Inc., whose principal place of business is at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. This document explains how the agreement is made up, and sets out some of the terms of that agreement.

you realize that software is part of the services, hence chrome is within the sphere of this, not only Gmail, et al. It also means google has a right to use emails of yours and publish them......if they wish....and then of course the grand section...

11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.

You may own your content, but as long as you used the services (this includes you google doc spreadsheet with your trading secrets) Google can do what it likes with it.....it does not even tell you that it has to tell you...you just granted it to them.....

Nice.

(HalcyonX12 said @ #6.1)
Oh well, it's a EULA from their services But it doesn't stand for use of the software, it's a mistake
But people don't realise it's not meant to be there and it's going to be removed, or just uses it to bash google.


On a sidenote: the default directory of chrome is NOT the desktop, so people who run it as provided won't notice this problem.

Google doesn't have rights to everything you post using its browser, the EULA states quite clearly that the data you post to their services that Chrome makes use of (such as the address bar searching, etc) will be submitted to google and they can do stuff with it. This is all stuff that has been in the privacy policies of their web services since forever.

There are other versions to avoid it though, such as the fact that it installs some update software that doesn't uninstall when you remove the browser...

I was going to put this in the article, but didn't. That is no excuse for EULA and massive security holes that have been known for weeks if not months to target the framework your product is based on. I could understand if this was a new hole that didn't effect other browsers, but its the same one that Safari dealt with already that Google repackaged and redistributed to an unknowing public.

Besides, everything Google puts out is in beta.

(Marshalus said @ #3.1)
Besides, everything Google puts out is in beta.

Yeah, it's a handy excuse for them (and the apologists) to use when Google's stuff doesn't work right.

when reading the eula it seems like they took the eula of one of their services (like gmail) and didn't change it for use with a desktop application

Yeah, say no to Webkit, because Google is using a really old version of it!
And say no to all the new ones too, because... well, because!