Comment by fsflover
5 hours ago
> trustable image decoder
This may never exist, since all software have bugs. Instead, you can isolate opening your pictures into a different VM, keeping this VM safe.
> what web browsers actually do
Haven't we seen related vulnerabilities?
> This may never exist
It's existed for years. https://chromium.googlesource.com/chromium/src/+/HEAD/third_...
Similarly, the JPEG XL decoder Chromium integrated is written in Rust, eliminating large classes of exploitable errors.
> Haven't we seen related vulnerabilities?
Repeatedly. That's why browser vendors are careful about adding new image decoders, and no, Qubes does not solve the problem.