by jsheard 203 days ago
That's why both Mozilla and Google have predicated their JXL support on a memory-safe implementation. There's a Rust one in the works.

I think Google are aiming to replace all of Chromium's decoders with memory-safe ones anyway, even for relatively simple formats.

1 comments

If that's their plan, I predict another situation exactly like this one where Google decides that removing support is the best move forward. Careful, BMP, Chrome is out to get you!

BMP decoding may seem easy and fun (I wrote a toy decoder back in the day), but the vulnerabilities are real: https://nvd.nist.gov/vuln/detail/CVE-2025-32468

It's not the format, it's the C / C++ unfortunate baggage.

Happy to report the BMP work is actually being done by our friends on the Edge team at Microsoft! https://chromium-review.googlesource.com/c/chromium/src/+/72...

This actually seems to use the encoder/decoder from the Rust image crate (1), which would bring the opportunity for more memory-safe formats once BMP is accepted.

(1) https://crates.io/crates/image