In simple terms, they just don’t allow you to write code that would be unsafe in those ways. There are different ways of doing that, but it’s difficult to explain to a layperson. For one example, though, we can talk about “out of bounds access”.

Suppose you have a list of 10 numbers. In a memory unsafe language, you’d be able to tell the computer “set the 1 millionth number to be ‘50’”. Simply put, this means you could modify data you’re not supposed to be able to. In a safe language, the language might automatically check to make sure you’re not trying to access something beyond the end of the list.

No, the industry consensus is actually that open source tends to be more secure. The reason C++ is a problem is that it’s possible, and very easy, to write code that has exploitable bugs. The largest and most relevant type of bug it enables is what’s known as a memory safety bug. Elsewhere in this thread I linked this:

https://www.chromium.org/Home/chromium-security/memory-safety/

Which says 70% of exploits in chrome were due to memory safety issues. That page also links to this article, if you want to learn more about what “memory safety” means from a layperson’s perspective:

https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/

Of course! Thanks for the discourse. Makes the world go 'round.

And as I said, if they manage to entirely switch, I won’t have reservations.

As far as security in extant browsers and C++, see here: https://www.chromium.org/Home/chromium-security/memory-safety/

The Chromium project finds that around 70% of our serious security bugs are memory safety problems.

It’s a serious issue.

Yeah, it was ok when the project started. The issue begins once it transitions from a toy to a potential competitor with Firefox.

Yeah, I know the history. And if they fully switch to Swift and manage decent performance, that would be acceptable, just strange. And it would also be fine to use whatever language if it were only a hobby project. I just reject the notion that C++ is an acceptable choice for new projects in security-critical positions.

The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable.

It’s realistically not gonna happen, but what I’d really like to see is Servo developed into a full browser.

A favorite of mine is Ghidra. Before they realeased+open souced it a few years back, the only option for real software reverse engineering (as in, for large and non-trivial programs, where you need more than just fancy disassembly) was IDA Pro, which is absurdly expensive if you’re not sponsored or willing to pirate. Now, some of us kinda take for granted the fact that there’s an open source world-class RE tool. And honestly, I even prefer it to IDA Pro - that’s how good it is.