Chrome willing to take performance hit to prevent use-after-free bugs | ZDNet


Image: Shutterstock

The Chrome security team has said it is willing to make the browser slightly slower if it means the tradeoff is a much more secure browser.

Pointing to previous figures that 70% of all security problems are related to memory safety, the team said in a blog post that it was looking at three approaches: Compile-time checks, runtime checks, and using a memory safe language.

Thanks to the use of C++, the first option was not possible, but it was looking at solutions such as MiraclePtr for runtime checking.

“MiraclePtr prevents use-after-free bugs by quarantining memory that may still be referenced. On many mobile devices, memory is very precious and it’s hard to spare some for a quarantine,” the team said.

“Nevertheless, MiraclePtr stands a chance of eliminating over 50% of the use-after-free bugs in the browser process — an enormous win for Chrome security, right now.”

At the same time, the browser is continuing to look at how to integrate the Rust language to allow for compile-time checks which subsequently do not impact performance.

“There are open questions about whether we can make C++ and Rust work well enough together,” the team said.

“Even if we started writing new large components in Rust tomorrow, we’d be unlikely to eliminate a significant proportion of security vulnerabilities for many years. And can we make the language boundary clean enough that we can write parts of existing components in Rust? We don’t know yet. ”

The team said it is trying out some limited usage of Rust, but this has yet to make it through to production builds of Chrome.

Invented by Mozilla, Rust has been used in parts of Firefox since 2016, and Google’s Android team has pushed to introduce Rust into the Linux kernel.

Related Coverage

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.