One thing about this that I don't understand is how they intend to validate memory without controlling the entire stack (which we aren't even 1% close to achieving on the desktop). If I poke /dev/mem, does that mean Chrome will have to validate every single byte of it's ram? Or does it rely on having a fully locked down environment (maybe feasible on phones).