On Sep 8, 5:47 am, [EMAIL PROTECTED] wrote: > You're right! Currently it seems hypocritical to me that Google Chrome > is publicly reputed to be open source. As long as it is bundled with > closed source components like Google Update. Especially when these > closed source components start tagging your box and your Windows user > accounts with GUIDs. So it's recommended to use Chromium directly.
It may be worse than that. When I went to install Google Chrome, as soon as I clicked on the download button in Firefox the Google Update engine started downloading Google Chrome. Examining the source code for the page, it looks like Google could have kicked off the download without clicking ANYTHING on the page, using "_GU_*()" calls. This means that the security of the Google Update service is pretty important. If it can install a component without user intervention, then they need to be DAMNED sure that nobody else can convince Google Update that they're "google enough" to download and install their malware. I've sent mail to Google asking for some information about the security model used by Google Update, but in the meantime I've removed it and the software that included it... and I'm going to hold off on checking out Chrome until this is resolved. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to chromium-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
