I wonder how hard it will be to retrofit CHERI support into Windows, macOS, and Chromium, so we can have a new defense against browser sandbox escapes, making remote browser isolation products irrelevant.
>>mwcamp+(OP)
Windows is likely a big task for the same reasons as SMAP (https://github.com/microsoft/MSRC-Security-Research/blob/mas...). XNU should be comparable to FreeBSD, which CheriBSD is a fork of, as both use Mach's VM for memory management and have a bunch of shared code in various places, but userspace is more of an unknown quite how much effort it'd be (you'll need to port Objective-C and, now, Swift, for example). For Chromium we have ported WebKit, so I'd imagine Blink isn't too dissimilar. V8 is likely interesting, though we have a version of WebKit's JSC JIT for Morello, which gives confidence in V8 being doable.
>>mwcamp+(OP)
That is already slowly happening on the versions that have access to ARM hardware memory tagging and pointher authentication, specially on iOS and Android.
Solaris on SPARC has about one decade of experience via Application Data Integrity.
And Unisys ClearPath MCP memory tagging architecture goes back to its Burroughs B5500 roots.
Also in case you missed it, Microsoft is one of the CHERI sponsors.