That really depends on the degree of threat introduced by the program, not limited to Go programming language. In other words, you’re asking an open-ended, human error, nip-picking, system-admin question targeted at operating system.
Say for any application messing with I/O control unit (e.g. /proc
in GNU/Linux interface) and there are no defense programming practices at all, you have an hardware level security threat that may fry hardware depending on circuitry design.
Say for you intentionally wrote a kernel module that does memory leak, then the operating system is intended to crash and burn.
Say for an application is running on an non-hardened GNU/Linux operating system where resources are not bounded (see: user65369 replies in Limit memory usage for a single Linux process - Unix & Linux Stack Exchange), then the entire system is vulnerable to resources fatigue threats.
This goes on as “he said, she said” Q&A as we assess each security threats.
Depending on operating system, say GNU/Linux (sorry if I’m biased mainly because I’m specialized in it), the OS and kernel itself has its mechanism to decide what program to kill and disallow any user space application (regardless what languages you’re using) to avoid crashing the entire OS, including memory leak.
However, there is an exception: if it is something critical like kernel module, other processes kicks in such as open review your kernel module’s source codes, defensive programming, strict coding habits, and etc to help defending the stability of the OS.
The reason JVM was designed was to ensure Java program is portable under a unified “ABI” as an alternative to compiled codes like C/C++. That was for historical reason where containerization and sand-boxing concepts weren’t even proven working and cross-compile was a nightmare.
Today, we got many containerization and sand-boxing technologies at our disposal that a single complied Go program would work great and resources are readily available for easy integration. If you’re serious about security especially memory bounding, you would want to set it at operating system level rather than a language-specific VM alone, or be religious about a language.