Thomas's posterous

Sometimes I Rant Too Long for Twitter. Then it Goes Here.

Chrome has Extensions, But They're Useless for Security

I really like Chrome as a browser. It's efficient, fast, and a powerhouse of future web technologies. On the Mac, it's a little bit faster than Firefox. On every platform, it just takes up less screen real estate than the competition.

But the reason I keep launching Firefox every day is the simple fact that Chrome doesn't have the same extension support as Firefox. There are a few add-ons that I simply require for my daily life, and I've posted a few of them before. The most important of these is NoScript.

I'm a security-conscious guy. And I'm not going to stop being a security-conscious guy when it comes to web browsers. Extensions like NoScript and Flashblock, among others, let me shrink my attack surface as much as I possibly can, and allow me to choose who I trust to push risky web components onto my delicate, precious computer. Chrome, in its current state, does not have the infrastructure to support these advanced plugins, however.

An October blog post from Hackademix, the blog from the guy behind NoScript, explains. Extensions like NoScript have to hook deep into the bowels of the browser in order to prevent the loading or execution of things like JavaScript or Flash. Chrome does not have those hooks available, which means that it loads everything, every time. Yes, there's a Flashblock for Chrome. But the extension loads the Flash and then hides it, which means it offers no protection from Flash-based vulnerabilities. The ad blockers for Chrome don't speed up your browsing, either, as they load ads but then go about hiding them.

The post above includes a demo that circumvents the Flashblock extension to prove his point. He also speculates that Google may have crippled Chrome extensions by design, in order to avoid effective ad blocking. Obviously, the popularity of ad blocking technology for Firefox probably causes anxiety for an advertising-based company, such as Google. I guess we'll see. I can't think of any other reason to keep these limits in place.

Filed under: Chrome, Firefox, Google, Security