Chromium will support third-party Rust libraries

About the Author

By | https://twitter.com/gadget_ry
Categories: Languages, Open Source, Rust,

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)

Google has announced that it will allow third-party Rust libraries in its Chromium open-source browser project.

Chrome security team member Dana Jansens published a blog post on Thursday announcing the decision.

Jansens says that Google is now actively pursuing adding a production Rust toolchain to its build system.

“Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox either) way to satisfy the rule of two, in order to speed up development (less code to write, less design docs, less security review) and improve the security (increasing the number of lines of code without memory safety bugs, decreasing the bug density of code) of Chrome,” explains Jansens.

“We believe that we can use third-party Rust libraries to work toward this goal.”

Around 70 percent of the serious security bugs in Chromium are memory safety problems. When written correctly, Rust can be used to avoid memory safety issues.

“Rust guarantees temporal memory safety with static analysis that relies on two inputs: lifetimes (inferred or explicitly written) and exclusive mutability,” Jansens explained.

Third-party Rust libraries will only be allowed if there “is a business need”. Google says that includes where:

  • The Rust implementation is the best (e.g., speed, memory, lack of bugs) or the only existing implementation available for the third-party library.
  • The Rust implementation allows the operation to move to a higher privileged process, and this benefits the product by improving on guardrail metrics (e.g. through avoiding process startup, IPC overheads, or C++ memory-unsafety mitigations).
  • The Rust implementation can meaningfully reduce our expected risk of (memory/crashes/undefined behaviour) bugs when compared to the existing third-party library and related C++ code required to use the library.

Google plans to introduce the Rust toolchain and allow libraries written in the language within the next year.

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *