Google Chrome out for one day, already reasons to avoid
By Marshalus, 03 September 2008 - 16:21 88 comments
As we reported yesterday, Google has released the first beta of their new web browser, Google Chrome. Within a day of its release, there are already a couple of points that users should be cautioned of before using this new browser.
The first, is the popular "carpet bomb" vulnerability that still exists within Chrome, as pointed out on our forums by our member matessim. This vulnerability allows malicious websites to drive by download and execute programs on your machine. Our visitors may remember the uproar that this same vulnerability caused for Safari users, and that Apple patched the carpet-bombing issue with Safari v3.1.2. Chrome is vulnerable to this exploit because it is based on the same engine, WebKit 525.13, and Google did not patch or update the engine before releasing the software.
The other, and less technical, problem with Chrome exists in its EULA. More specifically, the point that would seem to give Google rights to anything you post on the Internet while using their browser, mostly in conjunction with the promotion of its services.
Update: Google has rectified the EULA issue.
"By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services." Not exactly something you're used to seeing in a web browser's license agreement.
There is also the point that Google reserves the right to automatically update and install Chrome. Interesting, "the software which you use may automatically download and install updates from time to time from Google. These updates are designed to improve, enhance and further develop the services and may take the form of bug fixes, enhanced functions, new software modules and completely new versions. You agree to receive such updates (and permit Google to deliver these to you) as part of your use of the services." ... so says the EULA.
Now we're all used to seeing automatic update functions built into software. It seems that almost anything you install these days has one. However, very few demand that I install their updates. What if I don't want to because the new version includes a bug or breaks something else on my computer? Although, one would hope that they'd use this automatic update feature to fix the flaw pointed out above.
View: Google Chrome EULA
Comments (88)
Marshalus - 03 September 2008 - 16:24
BTW, just in the interest of full disclosure, I have not used Google Chrome... nor do I intend to until these issues are corrected.
bob_c_b - 05 September 2008 - 14:42
Just say no to WebKit.
PsykX - 06 September 2008 - 04:12
Yeah, say no to Webkit, because Google is using a really old version of it!
And say no to all the new ones too, because... well, because!
XerXis - 03 September 2008 - 16:27
when reading the eula it seems like they took the eula of one of their services (like gmail) and didn't change it for use with a desktop application
- jigz - - 03 September 2008 - 16:31
mmm its in beta for a reason......
Marshalus - 03 September 2008 - 16:34
I was going to put this in the article, but didn't. That is no excuse for EULA and massive security holes that have been known for weeks if not months to target the framework your product is based on. I could understand if this was a new hole that didn't effect other browsers, but its the same one that Safari dealt with already that Google repackaged and redistributed to an unknowing public.
Besides, everything Google puts out is in beta.
+TCLN Ryster - 03 September 2008 - 17:35
Yeah, it's a handy excuse for them (and the apologists) to use when Google's stuff doesn't work right.
39 Thieves - 03 September 2008 - 16:36
Might want to check out the privacy policy as well.
Oh, and I'm posting this from Chrome. Guess I like to live dangerously.
+Beastage - 03 September 2008 - 16:53
Oh, and I'm posting this from Chrome. Guess I like to live dangerously. :rolleyes:
Yeap, tho you might want to microwave your hard drive the RIAA are already on their way.
Anyway, I tried and uninstalled, pointless to bother with it imo , but it is nice that Google does the Apple trick and sticks an update service in your PC that you have to remove manually.
sphbecker - 03 September 2008 - 18:25
Better than the Adobe trick where they include their update code in every product with no way to disable globally or through policy.
HalcyonX12 - 03 September 2008 - 16:40
Google doesn't have rights to everything you post using its browser, the EULA states quite clearly that the data you post to their services that Chrome makes use of (such as the address bar searching, etc) will be submitted to google and they can do stuff with it. This is all stuff that has been in the privacy policies of their web services since forever.
There are other versions to avoid it though, such as the fact that it installs some update software that doesn't uninstall when you remove the browser...
diabulos - 03 September 2008 - 17:04
Actually, you may be wrong on that one....
Section 9.4 of the EULA says:
9.4 Other than the limited license set forth in Section 11, Google acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Content that you submit, post, transmit or display on, or through, the Services, including any intellectual property rights which subsist in that Content (whether those rights happen to be registered or not, and wherever in the world those rights may exist). Unless you have agreed otherwise in writing with Google, you agree that you are responsible for protecting and enforcing those rights and that Google has no obligation to do so on your behalf.
So you may think, great, I own my stuff, even if it is not registered (as usual on copyright practice) then you go to 11..:
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
Which completely cancels out the first! there is no qualifier here, you retain all the rights but you grant us use of it for free...that is what is saying, so you are granting google use of that lovely picture you send to Aunt Clare, which you also have in istock, for free. As you read 1.1...
1.1 Your use of Google�s products, software, services and web sites (referred to collectively as the �Services� in this document and excluding any services provided to you by Google under a separate written agreement) is subject to the terms of a legal agreement between you and Google. �Google� means Google Inc., whose principal place of business is at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. This document explains how the agreement is made up, and sets out some of the terms of that agreement.
you realize that software is part of the services, hence chrome is within the sphere of this, not only Gmail, et al. It also means google has a right to use emails of yours and publish them......if they wish....and then of course the grand section...
11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.
You may own your content, but as long as you used the services (this includes you google doc spreadsheet with your trading secrets) Google can do what it likes with it.....it does not even tell you that it has to tell you...you just granted it to them.....
Nice.
HalcyonX12 - 03 September 2008 - 23:09
Oh well, it's a EULA from their services
But it doesn't stand for use of the software, it's a mistake
undu - 04 September 2008 - 11:33
On a sidenote: the default directory of chrome is NOT the desktop, so people who run it as provided won't notice this problem.
SVG - 03 September 2008 - 17:08
People trust Google even after so many instances of them being the Big Brother of the internet.. Its just remarkable :\
BigBoy - 03 September 2008 - 17:27
The great double standard...
If Microsoft tried to pull some crap like this, people would be screaming bloody murder.
SVG - 03 September 2008 - 17:43
If Microsoft tried to pull some crap like this, people would be screaming bloody murder.
A company with a fruity rainbow coloured logo seems harmless to people I guess :P
C_Guy - 03 September 2008 - 19:15
Is that why Apple switched their logo?
RAID 0 - 03 September 2008 - 17:25
The other, and less technical, problem with Chrome exists in its EULA. More specifically, the point that would seem to give Google rights to anything you post on the Internet while using their browser, mostly in conjunction with the promotion of its services.
That's weak. I was thinking about trying Chrome, but now... not so much.
Izlude - 03 September 2008 - 17:29
Sounds scary. Can anyone show us an example of the work that google has reproduced from someone's email/posting etc? I'd seriously like to see it, because that's very scary.
Well anyway, I don't think they'll care much about reproducing my digimon fan fictions. Who cares.