I wonder, seeing the immense growth in 2023/2024, how that correlates with the ladybird project, which officially started in 2024.
Could Manifest v3 be the reason we have so much fresh air blowing in the browser ecosystem or does it just stem from a general unhappiness of said ecosystem?
I think that Ladybird has driven a lot of the effort, otherwise we'd just see browsers continuing to use Chromium with backports to allow v2 being worked on.
Ladybird was already progressing rapidly within SerenityOS well before it was officially launched, and I think that's given people a new inspiration for how plausible it is to create a browser from scratch. I'm really pleased we're seeing Servo having a resurgence too.
It’s indeed rapidly progressing feature-wise, but I have yet to see an explanation for how they intend to manage security once market adoption happens.
Ladybird is written in C++, which is memory-unsafe by default (unlike Rust, which is memory-safe by default). Firefox and Chrome also use C++, and each of them has 3-4 critical vulnerabilities related to memory safety per year, despite the massive resources Mozilla and Google have invested in security. I don’t understand how the Ladybird team could possibly hope to secure a C++ browser engine, given that even engineering giants have consistently failed to do so.
> Firefox and Chrome also use C++, and each of them has 3-4 critical vulnerabilities related to memory safety per year, despite the massive resources Mozilla and Google have invested in security.
And part of Firefox/Chromes security effort has been to use memory safe languages in critical sections like file format decoders. They're far too deeply invested in C++ to move away entirely in our lifetimes, but they are taking advantage of other languages where they feasibly can, so to write a new browser in pure C++ is a regression from what the big players are already doing.
I just checked out Servo, and like all browsers it has a VERY large footprint of dependencies (notably GStreamer/GOject, libpng/jpeg, PCRE). Considering browsers have quite the decent process isolation (the whole browser process vs heavily sandboxed renderer processes), I wonder how tangible the Rust advantage turns out to be.
I just looked at the top CVEs for chrome in 2025. There are 5 which allow excaping the sandbox, and the top ones seem to be V8 bugs where the JIT is coaxed into generating exploitable code.
One seems to be a genuine use-after-free.
So I can echo what you wrote about the JS engine being most exploitable, but how is Rust supposed to help with generating memory-safe JITed code?
I know they have said that. But it feels a bit strange to me to continue to develop in C++ then, if they eventually will have to rewrite everything in Swift. Wouldn't it be better to switch language sooner rather than later in that case?
Or maybe it doesn't have to take so much time to do a rewrite if an AI does it. But then I also wonder why not do it now, rather than wait.
That is the plan, but they are stalled on that effort by difficulties getting Swift's memory model (reference counting) to play nice with Ladybird's (garbage collection)
I think there was some work with the Swift team at Apple to fix this but there haven't been any updates in months
I know that that’s the plan, but I believe it when I see it. Mozilla invented entire language features for Rust based on Servo’s needs. It’s doubtful whether a language like Swift, which is used mostly for high-level UI code, has what it takes to serve as the foundation of a browser engine.
The increased activity came from Igalia who started working on Servo in 2023 with support from the Linux Foundation. Prior to that the project was effectively dead in the water with no sponsored development.
But the question still remains, why did Igalia pick up a dead project?
I doubt you'd invest that kind of money/time into a project without a good reason. I am not saying that ladybird or manifest v3 are the reason, I just notice a lot of new energy in the not-just-chrome category and wonder what the other reasons might be.
Andreas Kling is pretty open about his reasons to have started the ladybird project and I just know Servo from his monthly videos and a few other sidenotes, so I was surprised that it gained so much traction after being basically dead.
> But the question still remains, why did Igalia pick up a dead project?
Igalia is generally pro open-source, and Servo certainly aligns with their ethos, but a lot of the money came from Futurewei / Huawei who are interested in Servo because it's not US based, and therefore they are actually able to contribute to it (they are effectively banned from contributing to Chrome/Firefox/Safari due to US sanctions). There is now also funding from the Sovereign Tech Fund who are also interested in a "European browser" (and NLnet, but they fund all sorts of things)
As I understand it, funding was provided by NLnet[1], a longstanding Dutch non-profit that focuses on supporting open internet technologies. The funding was provided specifically for reviving Servo. By the looks of it, the money itself mostly comes from the EU, which has various grant programmes to fund open access technology, digital sovereignty, etc. Given several Servo contributors worked for Igalia, I expect they submitted a proposal to NLnet for them to fund Servo development, and it was successful.
Could Manifest v3 be the reason we have so much fresh air blowing in the browser ecosystem or does it just stem from a general unhappiness of said ecosystem?