[bethekidyouwant]

How does the browser use it ?unless they mean there’s a zero day in libavcodec

[fpoling]

Browsers run it in a sandbox process together with allocator hardening. Most of the bugs then are just crashed of the sandbox

Another option is WASM or WASM-style sandboxes if using another process is undesirable.

[johnnythunder]

One chained sandbox escape away from compromise.

[loeg]

Which is of course better than zero sandbox escapes.

[ttoinou]

Ahah

But are the compiler+OS that runs the ffmpeg executable really a sandbox ?