If Chrome implemented better cert checks, Lenovo (or anyone else) could just install their own version of ''Chromium, enhanced by Superfish'' for users and push them there instead. Who do we turn to then, Microsoft? (No thanks.) The party at fault here is Lenovo; I would be cautious to blame the tools they used. Also keep in mind there are many white hat uses for MITM SSL packet manipulation. If you lock down all the tools, pretty soon you end up with a walled garden controlled by very few parties (who then pull crap like this in the end anyway, with slightly better spin/PR).