[xp84]

Are video codecs in the present day able to be sandboxed? In my fantasies at least I’d like the worst a malicious video file can do is cause garbage output or cause the codec to crash.

Forgive the ignorance, I have worked entirely in the abstracted layers of the stack, and mostly web.

[adgjlsfhk1]

not really. they're mostly pure assembly and sandboxing assembly isn't really a things

[nullpoint420]

yes it is. all modern operating systems sandbox assembly. that's how it works.

[LoganDark]

Windows may use virtualization-based security by default, but I'm not aware of macOS or Linux doing the same -- Apple builds security directly into the silicon such that no virtualization is required, and Linux just rawdogs everything.

Whether that counts is up to you. I suppose it's still "sandboxed" in that it runs in a less privileged context than the kernel.