The Google security blog provides
an overview of what is being done to address memory-safety problems in
the Chrome browser.
In parallel, we’ll be exploring whether we can use a memory safe
language for parts of Chrome in the future. The leading contender
is Rust, invented by our friends at Mozilla. This is (largely)
compile-time safe; that is, the Rust compiler spots mistakes with
pointers before the code even gets to your device, and thus there’s
no performance penalty. Yet there are open questions about whether
we can make C++ and Rust work well enough together. Even if we
started writing new large components in Rust tomorrow, we’d be
unlikely to eliminate a significant proportion of security
vulnerabilities for many years.