It looks like researchers at Google have created the Holy Grail: Native Client, a framework that allows untrusted, native, possibly hostile x86 code to run securely in a browser.
Here's the paper:
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
They are also offering a contest to find any security vulnerabilities. The first prize is $8,192. It finishes May 5.
If this makes it into the mainstream, it is going to revolutionize web applications. No more lame, slow-ass websites that fail to provide a quarter of the performance and capability of native applications. If Native Client becomes widespread, web applications are going to be full-fledged, and there is not going to be any reason any more to write installable native applications. Editors, spreadsheets, games, development tools, image manipulation software: they are all going to run in browsers. And I don't mean lame-ass browser versions, like we have today. I mean real, high-performance editors, spreadsheets, games, development environments.
Kudos to Google for this. I was considering the same idea, but by the time I was shelving it as probably too error-prone / too difficult, they were apparently already halfway there.
Great work. I hope this makes it to our desktops ASAP.
Hat tip to Ben Laurie.