Google revealed that the number of memory safety vulnerabilities has dropped below 20% for the first time as the company continues to adopt the Rust programming language in Android.
“We adopted Rust for security and saw a 1,000x reduction in memory safety vulnerability density compared to Android’s C and C++ code,” said Google’s Jeff Vander Stoep. “But the biggest surprise is the impact Rust has had on software delivery.” “Rust changes reduced rollback rates by a factor of 4 and reduced time spent on code reviews by 25%, making a safer method a faster method.”
The development comes a little more than a year after the tech giant announced that its transition to Rust had reduced memory safety vulnerabilities from 223 in 2019 to fewer than 50 in 2024.
The company noted that Rust code requires fewer revisions, approximately 20% fewer revisions than C++ code, contributing to lower rollback rates, thereby increasing overall development throughput.
Google also said it has plans to extend Rust’s “security and productivity benefits” to other parts of the Android ecosystem, including the kernel, firmware, Nearby Presence, critical first-party apps like Message Layer Security (MLS), and Chromium, which has replaced its PNG, JSON, and web font parsers with Rust’s memory-safe implementations.
He further stated that memory safety features built into programming languages are only one part of a comprehensive memory safety strategy, emphasizing the need for a defense-in-depth approach.
As an example, Google highlighted the discovery of a memory safety vulnerability (CVE-2025-48530, CVSS score: 8.1) in CrabbyAVIF, an insecure AVIF (AV1 image file) parser/decoder implementation in Rust, that could potentially lead to remote code execution. This linear buffer overflow flaw was never publicly disclosed, but was patched by Google as part of the August 2025 Android security update.
Further analysis of this “near-miss” vulnerability revealed that it is made unexploitable by Scudo, Android’s dynamic user-mode memory allocator designed to address heap-related vulnerabilities such as buffer overflow, use-after-free, and double-free without sacrificing performance.
Google emphasized that insecure Rust is “already highly secure,” saying it has a significantly lower density of vulnerabilities than C or C++, and adding that incorporating “insecure” blocks of code into Rust does not automatically disable the programming language’s safety checks.
“While C and C++ are here to stay, and both software and hardware safety mechanisms remain important for defense-in-depth, the move to Rust is a different approach where a safer path is clearly more efficient,” the company said.
Source link
