The move aims to simplify development while delivering a safer browser experience.
This week Google announced that the Chromium project is going to support third-party Rust libraries from C++ in Chromium. In fact, Google is actively pursuing adding a production Rust toolchain to their build system, according to Dana Jansens from the Chrome security team.
Writing in a blog post this week, Jansens says that the decision will enable Google to include Rust code in the Chrome binary within the next year. “We’re starting slow and setting clear expectations on what libraries we will consider once we’re ready.”
Satisfying the ‘rule of two’
“Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox either) way to satisfy the rule of two”, Jansens explains.
The rule of two dictates that when writing code to parse, evaluate or otherwise handle untrustworthy inputs from the Internet, one should pick no more than two of the following three risk factors: (1) untrustworthy inputs; (2) unsafe implementation language; and (3) high privilege.
Jansens adds that the move is also expected to speed up the development of Chromium, since there is less code to write and fewer design docs. Adding Rust will also improve security, Jansens says, as it increases the number of lines of code without memory safety bugs while decreasing the bug density.
“We believe that we can use third-party Rust libraries to work toward this goal”, Jansens declares. “We know that C++ and Rust can play together nicely.” There are, however, some limitations. “We can expect that the shape of these limitations will change in time through new or improved tools, but the decisions and descriptions here are based on the current state of technology.”
The addition of Rust to the Chromium project should not come as a surprise. Google has been coding Android in Rust since 2019.