C++ is a superset of the C language. C++ allows for writing high-performance applications but this comes at a price, security. It is an OOP language that is viewed by many as the best language for creating large-scale applications. Google Chrome is looking to bring memory safety to Chrome's C++ codebase. While the Google research team is the appetite for different languages than C++ with stronger memory safety guarantees, large codebases such as Chromium will use C++ for the foreseeable future. Google Chrome research team is looking at heap scanning to reduce memory-related security flaws in Chrome's C++ codebase, but the technique creates a toll on memory except when newer Arm hardware is used.
Google Chrome and Microsoft are major users of and contributors to the fast programming language C++. Google Chrome can't just rip and replace Chromium's existing C++ code with memory-safer Rust. There is interest increasing in using Rust because its memory safety is guaranteed.
Google Chrome is working on ways to improve the memory safety of C++ by scanning heap-allocated memory. Nearly 70% of the high severity software security flaws in chrome's code are memory unsafety problems, Google's engineers have revealed. Later, Goggle Chrome engineers have found ways to make C++ safer to reduce memory-related security flaws such as buffer overflow and use-after-free (UAF), which account for 70% of all software security bugs.
UAFs make up the majority of high-severity issues affecting the browser. And its access to heap-allocated memory is caused by dangling pointers. To detect UAFs, Google already uses C++ smart pointers like MiraclePtr. Heap scanning may add to this arsenal. Google explains how quarantines and heap scanning work. Goggle is also exploring the option of a programming language designed for compile-time safety checks with less runtime performance impact.
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
_____________
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.