Google Just Gave Millions Of Users A Reason To Quit Chrome

by

05/29 Update below. This post was originally published on May 26

Google has been reinventing Chrome recently, but the company has also just revealed a powerful reason you should quit and move to a rival browser. 

https://specials-images.forbesimg.com/imageserve/1188076554/960x0.jpg?fit=scale
Google has confirmed ageing code within its Chrome browser leaves it vulnerable to attackSOPA Images/LightRocket via Getty Images

In a bold new report (via ZDNet), Google engineers have revealed that “unsafe” code within Chrome is responsible for 70% of its security vulnerabilities and 125 of the 130 “critical” bugs found in the browser over the last year. 

Microsoft: Here's why we love programming language Rust and kicked off Project Verona | ZDNetMozilla-created programming language Rust could one day help Microsoft kill a large chunk of its worst security bugs.Liam Tung, 22 May 2020
https://redirect.viglink.com/?format=go&jsonp=vglnk_159075091735313&key=b8f771eed689587b82c4635131ce08d7&libId=kas3wyj601010l04000DLd0nx59tf&loc=https%3A%2F%2F9to5google.com%2F2020%2F05%2F28%2Fchrome-84-notification-block%2F&v=1&out=https%3A%2F%2Fblog.chromium.org%2F2020%2F05%2Fprotecting-chrome-users-from-abusive.html&ref=https%3A%2F%2Ffeedly.com%2Fi%2Fsaved&title=Chrome%2084%20will%20block%20intrusive%20notifications%20from%20abusive%20sites%20-%209to5Google&txt=automatically

The engineers specifically lay the blame on C and C++, 48 and 35-year-old programming languages respectively, which “don't come with restrictions or warnings to prevent or alert developers when they're making basic memory management errors. These early coding errors result in memory management vulnerabilities being introduced in applications.” 

And this is a big deal. Memory management flaws are the most highly prized vulnerability by hackers, coming first, fifth and seventh in the top 10 list of dangerous vulnerabilities by Mitre, the non-profit organization which manages the US government’s database of software vulnerabilities. 

https://specials-images.forbesimg.com/imageserve/5ece5200938ec500060aaaa6/960x0.jpg?fit=scale
Mozilla's Rust platform may be the answerMozilla

But it doesn’t have to be this way. While all Chromium-based browsers (Microsoft Edge, Opera, Brave, etc) are built on the same code and therefore subject to the same weaknesses, one alternative stands out: Firefox. Unlike Chromium browsers, Firefox makes use of Rust, a safety-focused programming language which is specifically designed to be memory safe

Firefox creator Mozilla developed Rust and has been integrating it into Firefox over the last three years. Now Google states it is looking at Rust, along with Swift, JavaScript, Kotlin and Java as programming languages to replace the C and C++ code in Chrome. The company is also working on custom C++ libraries after admitting that its strategy of sandboxing “has reached its maximum benefits when taking performance into account.”

It is to Google’s credit that it is now looking to address the memory unsafety problem at the heart of Chrome and Chromium "by any and all means necessary", but there is no timeline on how long this will take or how it will be done with the company still weighing up its options. In the meantime, for those looking for a browser three years further down the line, Firefox looks like a good bet. 

___

https://www.facebook.com/GordonKelly

More On Forbes

Google’s New Tab Groups Reinvigorate Chrome BrowserGoogle has just given Chrome users a brilliant new feature you need to try right now...Gordon Kelly, 12 Apr 2020
A New Windows 10 Update Just Compromised Google ChromeGoogle has revealed an unfixable problem which may force you to pick between Windows 10 and Chrome.Gordon Kelly, 26 Apr 2020