Given that this vulnerability was due to a use-after-free, definitely the language. Such a thing is impossible in memory-safe languages (Rust being the most obvious comparison).
Comment on Google patches its fifth zero-day vulnerability of the year in Chrome
embed_me@programming.dev 5 months agoTo blame the language or to blame the programmer
expr@programming.dev 5 months ago
bitfucker@programming.dev 5 months ago
I think the language is fair here since there are a lot of developers working on chrome. The language enabling mistakes like this is the fault because the sheer size of the project itself makes it unlikely any single person understands the whole codebase in detail. But then again, the C++ version used also matters since modern C++ also has tools to avoid footguns, but chrome predates those tools so shit is already set in stone.