in ,

Google Integrates Rust into Chromium for Improved Security and Development Efficiency

Google Integrates Rust into Chromium

Google has stated that it has begun work on integrating a production-ready Rust toolchain into its build system to include Rust code in Chrome binaries later this year. The decision to add Rust to Chromium, the open-source project that powers Google Chrome, was motivated by a need for a simpler and safer approach to creating the browser.

According to Dana Jansens, a member of the Chrome security team, the purpose of incorporating Rust into Chromium is to speed up development while also improving Chrome security. Rust can work around memory safety problems, which account for 70% of significant security bugs reported in Chromium. Although Rust cannot guarantee the safety of your code, it may significantly minimise the number of potential problems.

Google has long recognised the value of Rust, and its deployment has already reduced Android’s memory issues. Jansens expressed gratitude to Mozilla for assisting in the development of Rust until it had developed and gathered enough outside backing to justify its foundation.

Jansens discussed how the Rust and C++ foundations of Chromium interact with tools like cxx, autocxx bindgen, cbindgen, diplomat, and crubit. These tools provide a safe method to call C++ code from Rust code and vice versa, although they are constrained by the architectural differences between the two languages. Rust, for example, ensures temporal memory safety using static analysis based on two inputs: lifespan (either inferred or explicitly declared) and exclusive mutability. The latter ensures that Chromium’s C++ is incompatible with most of them.

Rust and C++ follow separate norms, and compatibility is easily compromised. To address this, Chromium only offers one-way compatibility between C++ and Rust. This path was selected since Chromium is written in C++ and the majority of the stack frames, from main() to exit(), are C++ code (). You may regulate the form of your dependency tree by restricting interoperability to one way. Because Rust is not dependent on C++, it can only learn about C++ types and functions through dependency injection API.

We may expect the ecosystem of Rust packages to increase dramatically as Google’s commitment to Rust grows. The business creates and maintains technologies like crubit, which enable bidirectional compatibility between C++ and Rust. Rust has already been integrated into the Android environment by Google. Mark Russinovich, CTO of Microsoft Azure, urges new projects to adopt Rust instead of C++. Rust support has been introduced to the Linux kernel. Even Apple utilises Rust.

With the growing popularity of Rust and its proven ability to reduce memory vulnerabilities, we can expect to see more companies adopt Rust in their tech stacks in the future.