On 10/23/23 11:54 AM, Dale Curtis wrote:

Hmm, not sure why the description got reflowed, here's the formatted version:

Chrome will deprecate and remove support for the Theora video codec in desktop Chrome due to emerging security risks. Theora's low (and now often incorrect) usage no longer justifies support for most users.

Notes:
- Zero day attacks against media codecs have spiked.
- Usage has fallen below measurable levels in UKM.
- The sites we manually inspected before levels dropped off were incorrectly preferring Theora over more modern codecs like VP9.

Meaning, once Theora support is gone, video playback continues to work for all sites you inspected because media source selection found something else playable?

- It's never been supported by Safari or Chrome on Android.
- An ogv.js polyfill exists for the sites that still need Theora support.
- We are not removing support for ogg containers.

Our plan is to begin escalating experiments turning down Theora support in M120. During this time users can reactivate Theora support via chrome://flags/#theora-video-codec if needed.

The tentative timeline for this is (assuming everything goes smoothly):
- ~Oct 23, 2023: begin 50/50 canary dev experiments.
- ~Nov 1-6, 2023: begin 50/50 beta experiments.
- ~Dec 6, 2023: begin 1% stable experiments.

Even though UKM appears to be exceedingly low, if you're not 100% confident this will be a no-op, you might consider beginning the stable experiment after the new year (and many production freezes).

- ~Jan 8, 2024: begin 50% stable experiments.
- ~Jan 16th, 2024: launch at 100%.
- ~Feb 2024: remove code and chrome://flag in M123.
- ~Mar 2024: Chrome 123 will roll to stable.

- dale

On Mon, Oct 23, 2023 at 8:52 AM Dale Curtis <dalecur...@chromium.org> wrote:


            Contact emails

    dalecur...@chromium.org


            Explainer

    None


            Specification

    https://en.wikipedia.org/wiki/Theora


            Summary

    Chrome will deprecate and remove support for the Theora video
    codec in desktop Chrome due to emerging security risks. Theora's
    low (and now often incorrect) usage no longer justifies support
    for most users. Notes: - Zero day attacks against media codecs
    have spiked. - Usage has fallen below measurable levels in UKM. -
    The sites we manually inspected before levels dropped off were
    incorrectly preferring Theora over more modern codecs like VP9. -
    It's never been supported by Safari or Chrome on Android. - An
    ogv.js polyfill exists for the sites that still need Theora
    support. - We are not removing support for ogg containers. Our
    plan is to begin escalating experiments turning down Theora
    support in M120. During this time users can reactivate Theora
    support via chrome://flags/#theora-video-codec if needed. The
    tentative timeline for this is (assuming everything goes
    smoothly): - ~Oct 23, 2023: begin 50/50 canary dev experiments. -
    ~Nov 1-6, 2023: begin 50/50 beta experiments. - ~Dec 6, 2023:
    begin 1% stable experiments. - ~Jan 8, 2024: begin 50% stable
    experiments. - ~Jan 16th, 2024: launch at 100%. - ~Feb 2024:
    remove code and chrome://flag in M123. - ~Mar 2024: Chrome 123
    will roll to stable.



            Blink component

    Internals>Media>Codecs
    
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EMedia%3ECodecs>


            Search tags

    theora <https://chromestatus.com/features#tags:theora>, vp3
    <https://chromestatus.com/features#tags:vp3>, video
    <https://chromestatus.com/features#tags:video>


            TAG review

    None


            TAG review status

    Not applicable


            Risks



            Interoperability and Compatibility

    Sites which only provide a Theora video source will no longer have
    video playback. These sites would already be broken in Chrome for
    Android or Safari.



    /Gecko/: Under consideration Private discussions. I asked if
    they'd like an RFP for this, but haven't yet heard back.

    /WebKit/: Shipped/Shipping (https://caniuse.com/ogv) Safari never
    shipped support for Theora.

    /Web developers/: Mixed signals Most developers are not likely to
    have an opinion, some may lament the loss of one of the first open
    codecs on the web.

    /Other signals/:


            Security

    Security positive change -- removes support for a complicated
    binary parsing and decoding mechanism.



            WebView application risks

    Does this intent deprecate or change behavior of existing APIs,
    such that it has potentially high risk for Android WebView-based
    applications?

    None, never supported on Android or WebView.



            Debuggability

    Can be debugged through media dev tools or chrome://media-internals.



            Will this feature be supported on all six Blink platforms
            (Windows, Mac, Linux, Chrome OS, Android, and Android
            WebView)?

    Yes

    Not currently supported on Chrome for Android.



            Is this feature fully tested by web-platform-tests
            
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?

    Yes

    As part of pre-work, I've switched all tests using Theora (of
    which there were hundreds) over to using VP8/VP9 where appropriate.



            Flag name on chrome://flags

    TheoraVideoCodec


            Finch feature name

    TheoraVideoCodec


            Requires code in //chrome?

    False


            Tracking bug

    https://bugs.chromium.org/p/chromium/issues/detail?id=1489034


            Estimated milestones

    DevTrial on desktop         120



            Anticipated spec changes

    Open questions about a feature may be a source of future web
    compat or interop issues. Please list open issues (e.g. links to
    known github issues in the project for the feature specification)
    whose resolution may introduce web compat/interop risk (e.g.,
    changing to naming or structure of the API in a
    non-backward-compatible way).

    None


            Link to entry on the Chrome Platform Status

    https://chromestatus.com/feature/5158654475239424

    This intent message was generated by Chrome Platform Status
    <https://chromestatus.com/>.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPUDrweFkY_XTZGDJafQ9RpT7V84WSBsoNMe5XcG6z_XN8XG2g%40mail.gmail.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPUDrweFkY_XTZGDJafQ9RpT7V84WSBsoNMe5XcG6z_XN8XG2g%40mail.gmail.com?utm_medium=email&utm_source=footer>.
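
For site operators checking their own pages against the compatibility risk described in the thread (Theora-only sources, or Theora listed ahead of a newer codec), here is an added example that is not part of the original messages or of Chromium. The function names, status labels and sample data are hypothetical and constructed for illustration.

```javascript
// Added example (hypothetical names): classify a <video>'s <source type="...">
// list by Theora exposure. Browsers try <source> children in document order.

// Split 'video/ogg; codecs="theora, vorbis"' into MIME type and codec list.
function parseType(type) {
  const [mime, ...params] = String(type || "").split(";");
  let codecs = [];
  for (const p of params) {
    const m = /^\s*codecs\s*=\s*"?([^"]*)"?\s*$/i.exec(p);
    if (m) codecs = m[1].split(",").map(c => c.trim().toLowerCase()).filter(Boolean);
  }
  return { mime: mime.trim().toLowerCase(), codecs };
}

// Status labels (assumed for this example):
//   theora-only      every declared source is Theora: nothing left to play
//   theora-preferred Theora is listed ahead of another codec
//   theora-fallback  Theora is listed after another codec
//   check-ogg        video/ogg with no codecs parameter: inspect the file
function classifySources(types) {
  const kinds = types.map(t => {
    const { mime, codecs } = parseType(t);
    if (codecs.includes("theora")) return "theora";
    if (mime === "video/ogg" && codecs.length === 0) return "ogg-unknown";
    return "other";
  });
  const firstTheora = kinds.indexOf("theora");
  const firstOther = kinds.indexOf("other");
  if (firstTheora === -1) return kinds.includes("ogg-unknown") ? "check-ogg" : "ok";
  if (firstOther === -1) return "theora-only";
  return firstTheora < firstOther ? "theora-preferred" : "theora-fallback";
}

// Return only the videos that need attention.
function audit(videos) {
  return videos
    .map(v => ({ id: v.id, status: classifySources(v.sources) }))
    .filter(r => r.status !== "ok");
}

// Constructed sample. In a page, collect the same shape with:
//   [...document.querySelectorAll("video")].map(v => ({ id: v.id,
//     sources: [...v.querySelectorAll("source")].map(s => s.type) }))
const SAMPLE = [
  { id: "intro", sources: ['video/ogg; codecs="theora, vorbis"'] },
  { id: "demo", sources: ['video/ogg; codecs="theora, vorbis"', 'video/webm; codecs="vp9, opus"'] },
  { id: "talk", sources: ['video/webm; codecs="vp9"', 'video/ogg; codecs="theora"'] },
  { id: "clip", sources: ['video/mp4; codecs="avc1.42E01E, mp4a.40.2"'] },
  { id: "old", sources: ["video/ogg"] },
];
console.log(audit(SAMPLE));
```
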
