IE is also intentionally run as the current user at a low privilege level, which makes it possible to do things like this to the IE process, but makes it impossible for the IE process to do things like this to other programs.
Yes. As long as the processes are all run with the same rights/users. I created an app in .Net for my old job which would detect if the F8 key is pressed while a specific database app is active/in-focus. If so, it creates a new search window (that belongs to my app, not the db app) and changes the parent handle to that of the db app window. So now I've created my own 'search' feature within the db app. For the users of the db app, they don't even know F8 feature is homebrew. It works great and people use it all the time.
Under standard Windows "idiot" mode users can download and install executables in user space and those apps can read, subvert, or destroy anything in user space. I don't really see how the way admin rights typically work in any way addresses this. Valuable stuff is generally in user space, not admin space. (I can get a copy of your OS anywhere, but your banking details and personal documents are in user space.)
One way to address this is to change the computing model away from file/folder-based to use-based (which is what Apple has done with iOS and is moving towards in Lion). I'm sure there are others, but I don't see anyone attempting to implement them at scale.
If an administrator installs the "multiple user" version of Chrome on the computer (which is installed in the "Program Files" folder as per a normal app), the next time a user runs their "single user" version of Chrome it will display a message that the multiple user version has been installed and their single user application is uninstalled.
3. unzip again until you see a chrome.exe
4. move the chrome.exe to the folder in the same directory
5. Now you have a clean copy of Chrome Dev. Create a shortcut of chrome.exe to your desktop and enjoy!
While not entirely the same thing, it's a start.
I found this question interesting, does anyone know of any viable source for this kind statistics? Is the user-agent for chrome frame distinguishable?
Edit: Found the user-agent from the dev docs; "GCF reports that it is available by extending the host's User-Agent header with the string chromeframe"
Side note, from their FAQs:
Is Google Chrome Frame open-source?
Google Chrome Frame is built from open source code in the Chromium project just like Google Chrome.
Does this sound like a non-answer to anyone else, or is it just me?
As a side note, after having looked at the code for a few minutes, it appears they're doing some clever things with the Chrome Frame helper program: (tidy) DLL injection into Internet Explorer, together with dynamic BHO loading using the windowing API and the IWebBrowser2 interface (see http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame... ).
The "right" way to do this is to register your BHO dll through regsvr32 (I believe this creates a registry entry as well.) If you have Administrative rights, the installer does this for you, and Internet Explorer will do everything on its own from there on.
It surprises me that their workaround actually works. One would think that aspects such as DLL injection and API interfacing would be blocked for non-administrative users. The code could actually prove inspirational for malware writers. I still wonder how they load the helper program at startup. Probably using a service, but setting a new service would require Administrative privileges, I believe...
You don't have to use regsvr32. Registration-free COM (http://msdn.microsoft.com/en-us/library/ms973913.aspx) has been around for a while. I wonder why this was not used, or if there is a limitation with certain types of COM objects.
EDIT: Of the two replies before mine, one seems to have read the answer as “no, but…” while the other read it as “yes! In fact…”, and neither considered the answer particularly evasive.
One of them looked at the Chromium source code, which has evidence for “yes” being correct. Of all the reasons to need to read the source, you’d think we could avoid it when we already have a FAQ covering that exact question.
Meh. Depends where you're coming from. I can see that being helpful for someone that doesn't realize it's just powering IE with Chrome behind the scenes, and wants access to the code for the rendering engine... but someone smart enough to want the source code probably wants the actual stuff that's working with IE under the hood..