Year after year, the major browser and operating-system vendors report the same number: roughly 70 percent of their serious security vulnerabilities are memory-safety bugs in C and C++. ARM Memory Tagging Extension attacks that number directly, in silicon, by giving every chunk of memory a small colored label and checking the label on every access. It is cheap enough to leave running in production, which is what makes it different from the tools that came before.
A memory-safety bug is what happens when a program touches memory it should not. The two big families are spatial bugs, where a read or write runs past the end of a buffer, and temporal bugs, where the program uses memory after it has been freed and possibly reused for something else. Use-after-free in particular has become the workhorse of modern exploitation, because a freed-and-reallocated object lets an attacker put their own data where the program still expects the old object.
Rewriting everything in a memory-safe language solves this at the source, and a lot of new code is being written that way. But the world runs on hundreds of millions of lines of existing C and C++ that will not be rewritten soon: kernels, media codecs, font parsers, cryptographic libraries, browser engines. MTE is aimed at that code. It does not require a rewrite. It requires a compatible chip and a tag-aware memory allocator.








