Microsoft Enables Drive-By Downloads in Firefox

Chris Sullo has a post out over on the HP Security Labs blog on his experience downloading Google Chrome. He clicked and it was installed... no download prompt, no installer, nothing. I actually experienced it this morning before I left my apartment but in my haste said I'd wait until tonight to explore further. I really thought I was going crazy... I'm glad to know that I'm not, or at least not in this case.

I don't know if horrified is a strong enough word to express how this makes me feel. Shocked, disgusted, sorry I've ever defended Microsoft in the past... these are a few things that come to mind. Not only did they undermine the security of Firefox... they've destroyed my trust in them. How will I ever feel comfortable accepting another Microsoft update (after all, that's how .NET came to be installed on my computer)? Had I gone and downloaded it... sure, but I didn't. I did what we in the security industry tell every individual to do... I installed my available updates. I even reviewed them, but there was no note that read "CAUTION: This will decrease the security of your computer".

Microsoft has managed to successfully allow drive-by downloads in Firefox. My skin is crawling... and unfortunately, if my wife is at home browsing right now, my computer probably is too.

Comments (1)

Jethro:

What is the safest browser? Google Chrome?

I was running Firefox with the NoScript add-on, which was pretty annoying, but safer...

About

This page contains a single entry from the blog posted on May 22, 2009 2:50 PM.
