Google has been reinventing Google Chrome recently, but the company has also just revealed a powerful reason you should quit and move to a rival browser.
In a bold new report (via ZDNet), Google engineers have revealed that “unsafe” code within Google Chrome is responsible for 70% of its security vulnerabilities and 125 of the 130 “critical” bugs found in the browser over the last year.
The engineers specifically lay the blame on C and C++, 48 and 35-year-old programming languages respectively, which “don’t come with restrictions or warnings to prevent or alert developers when they’re making basic memory management errors. These early coding errors result in memory management vulnerabilities being introduced in applications.”
And this is a big deal. Memory management flaws are the most highly prized vulnerability by hackers, coming first, fifth and seventh in the top 10 list of dangerous vulnerabilities by Mitre, the non-profit organization which manages the US government’s database of software vulnerabilities.
Google Chrome is likely to be unsafe
But it doesn’t have to be this way. While all Chromium-based browsers (Microsoft Edge, Opera, Brave, etc) are built on the same code and therefore subject to the same weaknesses, one alternative stands out: Firefox. Unlike Chromium browsers, Firefox makes use of Rust, a safety-focused programming language which is specifically designed to be memory safe.
Firefox creator Mozilla developed Rust and has been integrating it into Firefox over the last three years. Now Google states it is looking at Rust, along with Swift, JavaScript, Kotlin and Java as programming languages to replace the C and C++ code in Chrome. The company is also working on custom C++ libraries after admitting that its strategy of sandboxing “has reached its maximum benefits when taking performance into account.”
It is to Google’s credit that it is now looking to address the memory unsafety problem at the heart of Chrome and Chromium “by any and all means necessary”, but there is no timeline on how long this will take or how it will be done with the company still weighing up its options. In the meantime, for those looking for a browser three years further down the line, Firefox looks like a good bet.