An update on Memory Safety in Chrome
An update on Memory Safety in Chrome
[Security] Posted Sep 22, 2021 16:27 UTC (Wed) by corbet
The Google security blog provides an overview of what is being done to address memory-safety problems in the Chrome browser.
In parallel, we’ll be exploring whether we can use a memory safe language for parts of Chrome in the future. The leading contender is Rust, invented by our friends at Mozilla. This is (largely) compile-time safe; that is, the Rust compiler spots mistakes with pointers before the code even gets to your device, and thus there’s no performance penalty. Yet there are open questions about whether we can make C++ and Rust work well enough together. Even if we started writing new large components in Rust tomorrow, we’d be unlikely to eliminate a significant proportion of security vulnerabilities for many years.