Comment by capitainenemo

17 hours ago

Checking the Firefox bugs on this, it seems they decided to replace the C++ libjxl with a rust version which is a WIP, to address security concerns with the implementation. All this started a few months ago.

Maybe the zen fork is a bit older and still using the C++ one?

5 comments

capitainenemo

rkangel 3 hours ago

Google Chrome is using a Rust implementation. The existence and sufficient maturity of it is the reason they were willing to merge support in the first place.

bpbp-mango 5 hours ago

good. image parsing has produced so many bad RCEs.

capitainenemo 16 hours ago

... update. after reading the comments in the rust migration security bug, I saw they mentioned "only building in nightly for now"

I grabbed the nightly firefox, flipped the jxl switch, and it does indeed render fine, so I guess the rust implementation is functioning, just not enabled in stable.

... also, I see no evidence that it was ever enabled in the stable builds, even for the C++ version, so I'm guessing Zen just turned it on. Which... is fine, but maybe not very cautious.

awestroke 15 hours ago
zen browser is pretty much vibe coded
- nar001 1 hour ago
  
  Do you have any proof/more about this? I've never heard this claim and I'd like to know more