Considering the vast amount of exploits that continually comes out of media decoders everywhere, this basically guarantees I will never ever use this browser.
Edit: Seems like it's using OpenBSD's pledge API? https://www.youtube.com/watch?v=bpRw6KQnY0k&t=8107s
It’s like crypto, you have to be very deliberate with your choices, and it’s generally ill-advised to roll your own.
Otherwise how would new/better stuff ever get built?!
> Otherwise how would new/better stuff ever get built?!
The problem here is that people are salivating to use this as their daily driver. When WireGuard was still in development, everyone got told in very strong terms to not use it in any setting that required actual security.
Browsing the web at large is sort-of hostile by default.
Ladybird is a great project, and I hope it keeps developing, but any user that thinks their media decode libraries will be bulletproof libs free of vulnerabilities are nuts.
There would be absolutely nothing sacrificed by using open source, well-tested libs for image decode.
Just because something is widely used doesn't mean it's more secure (example: libwebp). The security issues tend to happen mostly when creating optimizations that bypass the "obviously secure" way to do things, but rely on an internal state that gets broken by another optimization down the line. This is way less frequent in "smaller" projects, just because they didn't need to go through that round of optimizations yet.
For this question specifically, tho, I think Ladybird is extremely interesting in terms of creating a security-focuses C++ project. Between the constant fuzzing that each part of Ladybird already goes under (courtesy of the OSS-Fuzz initiative), the first-class citizenship of process separation for the different features of the browser, the modern C++ used in Ladybird (that prevents a lot of the issues cropping up in commonly used media decoding libraries), the overall focus on accuracy over performance in library implementations, and the compiler-level sanitatization utils (UBSAN, ASAN) that are enabled-by-default, I think it's less likely that an critical security-impacting bug would exists in Ladybird's .ico support than in Webkit's for example.
Don’t get me wrong, how far they’ve gotten is very laudable and as a educational exercise it is really cool, but it starts being a pretty massive risk if users start using this as a daily driver.
Small scrappy team writing simple and consice code from scratch is likely to produce fewer bugs than enterprisey monstrosities.
