From the blog comments: I really do wonder how much effort they’re actually putting in behind the scenes to move away from C++/C. Not just at Google, all big tech companies are likely facing this...
The company is making investments in memory safe languages include shipping some features for Chrome in Rust and setting up a $1 million grant to the Rust foundation to enhance interoperability with C++ code.
Analysis by Google’s Project Zero “shows two thirds of 0-day exploits detected in the wild used memory corruption vulnerabilities.”
I really do wonder how much effort they’re actually putting in behind the scenes to move away from C++/C. Not just at Google, all big tech companies are likely facing this issue to a certain degree.
Sure, you can rewrite ls or whatever other small utility program in Rust fairly quickly, but Chromium? That’s probably a decade-long project, even if they had the political will to get such a decision going already, which I’m not sure there is, due to the sheer enormity of such a project.
Honestly they'd be better off building on top of Servo than rewriting Chromium in Rust. But they won't do that because it'd mean giving up their browser engine monopoly and their near-total...
Honestly they'd be better off building on top of Servo than rewriting Chromium in Rust. But they won't do that because it'd mean giving up their browser engine monopoly and their near-total control of web standards.
Relative to how hush hush and silent the other articles are, this one certainly counts as dissection! Though I should have used a different word in retrospect, you're right. From this, at least I...
Relative to how hush hush and silent the other articles are, this one certainly counts as dissection! Though I should have used a different word in retrospect, you're right.
From this, at least I came to know it's a C memory overflow bug. Most others are like just "Google says it's urgent, so".
Yes, that’s pretty typical for security bugs. They’ll probably explain it after versions with the fix are rolled out everywhere. (There are multiple browsers that depend on Chromium.)
Yes, that’s pretty typical for security bugs. They’ll probably explain it after versions with the fix are rolled out everywhere. (There are multiple browsers that depend on Chromium.)
From the blog comments:
I really do wonder how much effort they’re actually putting in behind the scenes to move away from C++/C. Not just at Google, all big tech companies are likely facing this issue to a certain degree.
Sure, you can rewrite ls or whatever other small utility program in Rust fairly quickly, but Chromium? That’s probably a decade-long project, even if they had the political will to get such a decision going already, which I’m not sure there is, due to the sheer enormity of such a project.
Honestly they'd be better off building on top of Servo than rewriting Chromium in Rust. But they won't do that because it'd mean giving up their browser engine monopoly and their near-total control of web standards.
Maybe Firefox will then. They wouldn't be giving those things up.
I haven’t read anything about a large rewrite like that.
Unless I missed something, there’s no “dissection” in this short blog post. Did you mean to post a different article?
Relative to how hush hush and silent the other articles are, this one certainly counts as dissection! Though I should have used a different word in retrospect, you're right.
From this, at least I came to know it's a C memory overflow bug. Most others are like just "Google says it's urgent, so".
Yes, that’s pretty typical for security bugs. They’ll probably explain it after versions with the fix are rolled out everywhere. (There are multiple browsers that depend on Chromium.)
By the way, I feel like this would fit better into ~comp. Where is the line drawn for these kinds of topics?