I asked Proton support for information on the current status on the investigation into this memory safety issue. Here is the reply I received today:
Hello,
Thank you for reaching out to us!
Kindly note that there are unfortunately no updates regarding this. Our team is currently busy at the moment with other more prioritized matters, but they will hopefully take a closer look in the upcoming period.
Have a nice day!
Kind regards,[removed name]
Customer Support
Proton VPN
Let's hope that "more prioritized matters" implies fixing other, and perhaps more serious, privacy and security issues. What's certain is that the public knows virtually nothing about their investigation into the issue – which was first reported to them at least 8 months ago. The bug might be related to this Go issue, which Mullvad seems to have already worked around. Not clear if Proton knows about this…