"Programming Languages: How Google Is Improving C++ Memory Safety"

Google's Chrome team is exploring the use of heap scanning to decrease memory-related security flaws in Chrome's C++ codebase, but the method takes up a lot of memory unless newer ARM hardware is used. Google cannot simply replace Chrome's existing C++ code with memory-safe Rust, so it is working on ways to increase the memory safety of C++ by scanning heap-allocated memory. Chrome engineers have discovered how to make C++ safer to reduce memory-related security flaws such as buffer overflow and Use-After-Free (UAF), which make up 70 percent of all software security flaws. C++ does not guarantee that memory is accessed only while the object it holds is still valid, so a pointer may keep referring to memory after it has been freed and reused. Therefore, Google's Chrome team has been experimenting with using a "memory quarantine" and heap scanning to prevent the reuse of memory that is still reachable. According to Google, the idea behind ensuring temporal safety with quarantining and heap scanning is to prevent reusing memory until it has been proven that there are no more (dangling) pointers referring to it. This article continues to discuss Google's efforts towards improving C++ memory safety.
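To make the quarantine-plus-heap-scan idea concrete, here is a toy fixed-size-block allocator written for this summary; it is an added illustration, not Chrome's or PartitionAlloc's code. A freed block goes into quarantine instead of the free list, and a conservative scan of every live block's words decides whether any pointer still refers to a quarantined block; only unreferenced blocks are released. All names (`q_alloc`, `q_free`, `q_scan`, `q_state`) and the pool layout are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy quarantine allocator (example code, not Chrome's). Blocks come from a
 * static pool; freed blocks are quarantined and only reused once a scan of
 * the live heap finds no word that looks like a pointer into them. */
#define NBLOCKS 8
#define BLOCK_WORDS 4
enum state { FREE = 0, LIVE = 1, QUARANTINED = 2 };
static uintptr_t pool[NBLOCKS][BLOCK_WORDS];
static enum state st[NBLOCKS];

/* Map an address to a block index; interior pointers count (conservative). */
static int index_of(uintptr_t p) {
    uintptr_t base = (uintptr_t)pool, end = base + sizeof pool;
    if (p < base || p >= end) return -1;
    return (int)((p - base) / sizeof pool[0]);
}

void *q_alloc(void) {
    for (int i = 0; i < NBLOCKS; i++)
        if (st[i] == FREE) {
            st[i] = LIVE;
            memset(pool[i], 0, sizeof pool[i]); /* no stale words to scan */
            return pool[i];
        }
    return NULL;
}

/* free() becomes "quarantine": the block stays reserved, not reusable. */
void q_free(void *p) {
    int i = index_of((uintptr_t)p);
    if (i >= 0 && st[i] == LIVE) st[i] = QUARANTINED;
}

/* Heap scan: any live word that points into a quarantined block keeps that
 * block quarantined (a dangling pointer). Returns how many blocks were freed. */
int q_scan(void) {
    int referenced[NBLOCKS] = {0}, released = 0;
    for (int i = 0; i < NBLOCKS; i++) {
        if (st[i] != LIVE) continue;
        for (int w = 0; w < BLOCK_WORDS; w++) {
            int t = index_of(pool[i][w]);
            if (t >= 0 && st[t] == QUARANTINED) referenced[t] = 1;
        }
    }
    for (int i = 0; i < NBLOCKS; i++)
        if (st[i] == QUARANTINED && !referenced[i]) { st[i] = FREE; released++; }
    return released;
}

int q_state(void *p) { int i = index_of((uintptr_t)p); return i < 0 ? -1 : (int)st[i]; }
```

A real implementation also scans stacks, registers and globals as roots, which is the work that makes the scan expensive without hardware assistance.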

ZDNet reports "Programming Languages: How Google Is Improving C++ Memory Safety"
