Google Chrome's security team said it is willing to sacrifice its browsing performance to make it safer.
Sundar Pichai, senior vice president of Chrome, speaks at Google's annual developer conference, Google I/O, in San Francisco on June 28, 2012.
The idea of the Google Chrome devs to choose the slower but safer route comes from an alarming data published last year.
Google Chrome Memory Safety Issue
As per ZDNet, Chrome's software engineers showed in their report last May 23, 2020, that 70% of the severe security bugs are from memory safety problems.
What's more, half of the security flaws in the Google browser are use-after-free vulnerabilities, which are safety issues that come from the incorrect management of memory pointers that further open Chrome to attacks.
The alarming percentage of security issues on Chrome was from the total of 812 safety bugs in the stable version of the browser since 2015.
The issue is not only found on Chrome. Even Microsoft shared the same issue with memory security flaws.
Google Chrome to Trade Performance for Security
That said, the security team working on Google Chrome published their solution to the memory safety issues on the browser, one of which involves trading off its performance.
The security team of Chrome is composed of Andrew Whalley, Dana Jansens, Adrian Taylor, and Nasko Oskov.
The team further cited the mentioned statistics of the security bugs from the memory safety flaws.
As such, to answer the prevailing wrath of bugs in the memory management of the browser, the devs of Chrome raised the idea of making it safer by including additional runtime checks.
Although runtime check makes the C++ language of Chrome safer than ever from memory safety vulnerabilities, it carries some performance costs.
The security team further wrote: "Checking the correctness of a pointer is an infinitesimal cost in memory and CPU time. But with millions of pointers, it adds up."
That said, the fix for the memory flaws could be trading off some memory and CPU time. Thus, affecting the overall performance of the browser.
The tradeoff gets even more noticeable for Google Chrome users with devices that do not sport the highest performing CPUs and are scarce in memory.
Thus, the additional runtime checks could result in slightly slower performance in web browsing.
However, the Chrome security team still noted that it is willing to experiment on the safer but slower option.
But the team is also working on writing a different language for the browser, which does not require an additional runtime.
Google Chrome 94 Security Fixes
Meanwhile, according to Ghacks, Google Chrome 94 is now out for stable users, which is the earliest version of the browser that carries the 4-week release cycle, instead of 6 weeks.
The tech giant further disclosed that the new update on the stable channel fixed 19 severe security issues on the browser.
Related Article: Google Chrome 94 Beta Test to Bring Upgraded Browser Gaming Features, After Tweaking WebCodecs, WebGPU
This article is owned by Tech Times
Written by Teejay Boris
