An update on Memory Safety in Chrome
The Google security blog provides an overview of what is being done to address memory-safety problems in the Chrome browser.
In parallel, we'll be exploring whether we can use a memory safe language for parts of Chrome in the future. The leading contender is Rust, invented by our friends at Mozilla. This is (largely) compile-time safe; that is, the Rust compiler spots mistakes with pointers before the code even gets to your device, and thus there's no performance penalty. Yet there are open questions about whether we can make C++ and Rust work well enough together. Even if we started writing new large components in Rust tomorrow, we'd be unlikely to eliminate a significant proportion of security vulnerabilities for many years.