Google Just Gave Millions Of Users A Reason To Quit Chrome

Google Just Gave Millions Of Users A Reason To Quit Chrome

Google has been reinventing Chrome recently, but the company has also just revealed a powerful reason you should quit and move to a rival browser. 

In a bold new report (via ZDNet), Google engineers have revealed that “unsafe” code within Chrome is responsible for 70% of its security vulnerabilities and 125 of the 130 “critical” bugs found in the browser over the last year. 

05/28 Update: expanding upon this story, it is important to note that Microsoft is already working on improving the C and C++ code code in its Chromium-based Edge browser with Project Verona, code inspired by Rust (detailed below). Speaking with ZDNet earlier this month, Microsoft states C and C++ have “reached a wall [and] We can’t really do much more than we already have. It’s becoming harder and harder and more and more costly to address these issues over time.” Discussing its decision, Microsoft said: “We need to look out to the industry to see what the best alternative to C++ is. And it turns out that language is a language called Rust. We’re looking to adopt that language to make our system software at Microsoft more safe and reliable.” Despite Edge being based on Google’s Chromium source code, Microsoft’s proactive decision has the potential to give Edge a head-start against Chrome, though Firefox still has a clear first mover advantage.

The engineers specifically lay the blame on C and C++, 48 and 35-year-old programming languages respectively, which “don’t come with restrictions or warnings to prevent or alert developers when they’re making basic memory management errors. These early coding errors result in memory management vulnerabilities being introduced in applications.” 

And this is a big deal. Memory management flaws are the most highly prized vulnerability by hackers, coming first, fifth and seventh in the top 10 list of dangerous vulnerabilities by Mitre, the non-profit organization which manages the US government’s database of software vulnerabilities. 

But it doesn’t have to be this way. While all Chromium-based browsers (Microsoft Edge, Opera, Brave, etc) are built on the same code and therefore subject to the same weaknesses, one alternative stands out: Firefox. Unlike Chromium browsers, Firefox makes use of Rust, safety-focused programming language which is specifically designed to be memory safe. 

Firefox creator Mozilla developed Rust and has been integrating it into Firefox over the last three years. Now Google states it is looking at Rust, along with Swift, JavaScript, Kotlin and Java as programming languages to replace the C and C++ code in Chrome. The company is also working on custom C++ libraries after admitting that its strategy of sandboxing “has reached its maximum benefits when taking performance into account.”

It is to Google’s credit that it is now looking to address the memory unsafety problem at the heart of Chrome and Chromium “by any and all means necessary”, but there is no timeline on how long this will take or how it will be done with the company still weighing up its options. In the meantime, for those looking for a browser three years further down the line, Firefox looks like a good bet.