|
|
|
|
|
|
by fsflover
156 days ago
|
|
|
> trustable image decoder This may never exist, since all software have bugs. Instead, you can isolate opening your pictures into a different VM, keeping this VM safe. > what web browsers actually do Haven't we seen related vulnerabilities? |
|
|
It's existed for years. https://chromium.googlesource.com/chromium/src/+/HEAD/third_...
Similarly, the JPEG XL decoder Chromium integrated is written in Rust, eliminating large classes of exploitable errors.
> Haven't we seen related vulnerabilities?
Repeatedly. That's why browser vendors are careful about adding new image decoders, and no, Qubes does not solve the problem.