Rust was sponsored and supported by Mozilla as a way to build a new, more secure and better performing web browser. Now, Google will soon start using the language for its own Chromium project, which means Mountain View is seemingly preparing a more secure future for the ubiquitous Chrome browser. Chrome Security Team member Dana Jansens announced the new development through Google’s Security Blog. Moving forward, the Chromium project is going to support libraries written in Rust. The developers are already working on a production Rust toolchain to add to the Chrome build system, which should bring actual Rust code to Chrome binary files “within the next year.” Rust is a modern, general-purpose programming language that offers native performance for several types of compiled applications – from traditional computer software to low-resource and embedded appliances. Furthermore, Rust is designed to provide memory safety from the get go, eliminating many classes of bugs and potential vulnerabilities at compile time.
Google thanks Mozilla for the “huge contribution to the systems software industry,” despite the fact that Chrome and Firefox are two competing browsers and Mozilla Foundation would essentially cease to exist without Google’s money. “Rust has been an incredible proof that we should be able to expect a language to provide safety while also being performant,” Jansens wrote. As Rust and C++ are two programming languages born out of different designs, Rust integration in Chromium will arrive only through third-party libraries for the time being. Interoperability between the two languages could be an issue too, so Google developers will need to be extra cautious when making the two code types talk to each other. Despite this and the burden of using two different programming languages for one huge project like the Chromium layout engine, Rust could be a huge help in making Chrome more secure. Memory safety flaws, which are the issues Rust programming is designed to eliminate, represent 70 percent of the worst security bugs discovered in Chromium. “Memory unsafety is an industry-wide problem,” Jansens remarked, and “making use of Rust is one part of a strategy to move the needle in this area.” Google is working on improving security in C++ code too, of course, as the 38-year old language is still used to write millions of lines in the Chrome code. Image credit: Chris Ried