Google responded to Microsoft’s warning the "Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts….Running a browser within a browser doubles the potential attack surface in a way that we don't see is particularly helpful," said Amy Bazdukas. Google says "Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users. It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that’re available in days rather than months." Although both IE7 and IE8 include a "sandbox" defense dubbed "Protected Mode," the feature works only when the browsers are run in Vista (IE7 and IE8) or Windows 7 (IE8). Google's Chrome Frame, however, prevents malicious code from escaping the browser -- and worming its way into, say, the operating system -- on Windows XP as well, said a Google spokesman.
Download: Chrome Frame