Going by the nickname of NaCl (salt, anyone?) is one of Google's
projects: Native Client. You can read about the details at
http://code.google.com/p/nativeclient/
but it can be summed up as a method for executing native x86 code from
within a browser. This places it somewhere between Java and ActiveX
(ploit). It's supposed to actually have conditions which need to be
met before code can execute (as opposed to ActiveX(ploit)'s sign-the-
code-and-go model), but isn't quite the relatively rigid execution
protocol used by Java. They've implemented Quake already, which
should give you some idea of what else might be possible.
I then happened upon a Matasano blog entry on this, and thought it
worth pointing out:
http://chargen.matasano.com/chargen/2009/8/27/the-security-implications-of-google-native-client.html
Fascinating reading... and it *IS* good to see that Skynet has noticed
Google. :-)
--
Alan