[etix]

A media player is rarely that simple. Before writing to the GPU you have to access the content (file, network), demux, then decode and finally display.

The most dangerous areas are the demuxers and decoders so they have to be sandboxed.

So yes, you're right, but this doesn't solve the problem of moving the buffers between processes.

[johncolanduoni]

You can share file handles/sockets on Windows/OSX/Linux via IPC without giving the renderer process the ability to open the files/sockets themselves.

[jbk]

But that's just ONE of the issues. The issue here is that the decoder/parser is in a process that has a too many privileges...