Google has announced that it will allow the use of third-party Rust libraries in its Chromium open source browser project.
Chrome security team member Dana Janssens published a post on the Google blog announcing the decision. The post clearly notes that Google is actively looking to add a production Rust toolchain to its build system.
“Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox either) way to satisfy the rule of two, in order to speed up development (less code to write, less design docs, less security review) and improve the security (increasing the number of lines of code without memory safety bugs, decreasing the bug density of code) of Chrome.”
About 70 percent of Chromium’s serious security flaws are memory safety issues. When written correctly, Rust can be used to avoid memory safety issues. Third-party Rust libraries will only be allowed if “there is a business need”.
According to Google, a business need exists when:
- The Rust implementation is the best (e.g., speed, memory, lack of bugs) or the only existing implementation available for the third-party library.
- The Rust implementation allows the operation to move to a higher privileged process, and this benefits the product by improving on guardrail metrics (e.g. through avoiding process startup, IPC overheads, or C++ memory-unsafety mitigations).
- The Rust implementation can meaningfully reduce our expected risk of (memory/crashes/undefined behaviour) bugs when compared to the existing third-party library and related C++ code required to use the library.