Comment on Google patches its fifth zero-day vulnerability of the year in Chrome
onlinepersona@programming.dev 5 months ago
C++ is such a wonderful language.
Comment on Google patches its fifth zero-day vulnerability of the year in Chrome
onlinepersona@programming.dev 5 months ago
C++ is such a wonderful language.
embed_me@programming.dev 5 months ago
To blame the language or to blame the programmer
bitfucker@programming.dev 5 months ago
I think the language is fair here since there are a lot of developers working on chrome. The language enabling mistakes like this is the fault because the sheer size of the project itself makes it unlikely any single person understands the whole codebase in detail. But then again, the C++ version used also matters since modern C++ also has tools to avoid footguns, but chrome predates those tools so shit is already set in stone.
expr@programming.dev 5 months ago
Given that this vulnerability was due to a use-after-free, definitely the language. Such a thing is impossible in memory-safe languages (Rust being the most obvious comparison).