On Fri, Dec 12, 2025 at 1:34 AM Philip Jägenstedt <[email protected]> wrote:
> Hmm, I went to approve it in chromestatus as well, but > https://chromestatus.com/feature/5153489630134272 looks like it's not > been updated. Can you update that entry and then resend the email so that > entry and emails are properly linked? > > Sorry about that. I went ahead and entered 145 as the shipping milestone. And I set the Finch feature name. Is there any other information and/or fields that I should add to the Chrome status entry? > On Fri, Dec 12, 2025 at 10:32 AM Philip Jägenstedt <[email protected]> > wrote: > >> LGTM1, if it's not supported in Firefox or Safari and we cannot detect >> any usage via UMA, this is very likely safe from a web compat perspective. >> As long as it's Finch-controllable we can revert it if serious breakage >> does surface to give time for migration. >> >> On Thu, Dec 11, 2025 at 7:54 PM Łukasz Anforowicz <[email protected]> >> wrote: >> >>> Hello, >>> >>> BMP image decoder that ships in Chromium/Blink is capable of decoding >>> JPEG and/or PNG images embedded inside BMP (in addition to the typical RLE >>> or other basic BMP encodings). In >>> https://chromestatus.com/feature/5153489630134272 we propose to remove >>> this BMP extension, tracking this work with https://crbug.com/456842524. >>> >>> Answering the questions from >>> https://www.chromium.org/blink/launching-features/#feature-deprecations: >>> >>> - >>> >>> Why are we removing this feature?: >>> - >>> >>> Security: Since 2019, we've been presented with compelling >>> evidence >>> >>> <https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html> >>> that surprising and rarely-used support for nesting formats is a path >>> to >>> security bugs. Such a possibility is especially worrying for BMP, >>> which is >>> otherwise considered a pretty simple format. >>> - >>> >>> Code health: Removing code is expected to improve code health. >>> Additionally, removing this corner-case will simplify migrating >>> >>> <https://docs.google.com/document/d/1fc7KI1AhvCOLZhAStg_jIQLlCA3aCZP4vhgFlLn1ZTk/edit?usp=sharing> >>> the BMP decoder to a memory-safe language. >>> - >>> >>> Interoperability: >>> - >>> >>> Removing this BMP extension will improve >>> interoperability/consistency across browsers, because today only >>> Chrome >>> supports this BMP extension: >>> - >>> >>> Manual testing of browser support is possible by visiting >>> >>> https://entropymine.com/jason/bmpsuite/bmpsuite/html/bmpsuite.html >>> and looking at the result of rendering `q/rgb24jpeg.bmp` and >>> `q/rgb24png.bmp` >>> - >>> >>> Chrome 141.0.7390.134: rendered okay >>> - >>> >>> Support for JPEG/PNG-in-BMP was added >>> >>> <https://chromium-review.googlesource.com/c/chromium/src/+/1777120> >>> in 2019, in Chrome 78.0.3899.0 >>> >>> <https://chromiumdash.appspot.com/commit/8319e7a6dbe63b6ef04c3cfe75f0df1947b00fb0> >>> - >>> >>> IIUC there was no Blink Intent for this addition + the >>> main motivation was covering all files from the BMP test >>> suite (I note that >>> these 2 test inputs are in a “q” directory which was >>> expanded to >>> “questionable” when adding >>> >>> <https://chromium-review.googlesource.com/c/chromium/src/+/5269009> >>> the test inputs to Chromium). >>> - >>> >>> Firefox 143.0.4 and 144.0.2: not rendered >>> - >>> >>> Safari 18.6: not rendered >>> - >>> >>> There is no official spec: >>> - >>> >>> >>> >>> https://developer.mozilla.org/en-US/docs/Web/Media/Guides/Formats/Image_types >>> >>> <https://developer.mozilla.org/en-US/docs/Web/Media/Guides/Formats/Image_types#bmp_bitmap_file> >>> says: >>> - >>> >>> “No specification; however, Microsoft provides general >>> documentation of the format at >>> docs.microsoft.com/en-us/windows/desktop/gdi/bitmap-storage >>> ” >>> - >>> >>> “Warning: You should typically avoid using BMP files >>> for website content. The most common form of BMP file >>> represents the data >>> as an uncompressed raster image, resulting in large file >>> sizes compared to >>> png or jpg image types. More efficient BMP formats exist but >>> are not widely >>> used, and rarely supported in web browsers.” >>> - >>> >>> “Theoretically, several compression algorithms are >>> supported, and the image data can also be stored in JPEG or >>> PNG format >>> within the BMP file.” >>> - >>> >>> >>> >>> https://learn.microsoft.com/en-us/windows/win32/gdi/jpeg-and-png-extensions-for-specific-bitmap-functions-and-structures >>> says: >>> - >>> >>> “This [JPEG-and-PNG-in-BMP] extension is not intended as >>> a means to supply general JPEG and PNG decompression to >>> applications, but >>> rather to allow applications to send JPEG- and >>> PNG-compressed images >>> directly to printers having hardware support for JPEG and >>> PNG images.” >>> - >>> >>> What is the cost of removing this feature? >>> - >>> >>> No usage has been registered via a recently added UMA data: >>> https://crbug.com/452667935 >>> - >>> >>> UMA data gathered in https://crbug.com/452667935 for M143 >>> shows no usage in Canary/Dev, Beta, not Stable release channels >>> (not just >>> minimal usage, but no usage whatsoever) >>> - >>> >>> UMA data can have blind spots (users that do not enable UMA), >>> but this seems like an acceptable risk >>> - >>> >>> When will the feature be removed? >>> - >>> >>> We propose to remove support for this BMP extension in Chrome 145 >>> (which is tentatively scheduled to branch on January 12, 2026, and >>> release >>> to the Stable channel on Feb 10, 2026). >>> - >>> >>> What is the suggested alternative? >>> - >>> >>> Please use PNG and/or JPEG images **directly** rather than >>> embedding them inside a BMP format. >>> >>> >>> Other notes: >>> >>> - >>> >>> We don’t plan to explicitly coordinate with other web rendering >>> engines, because other browsers do not support this feature. >>> - >>> >>> We don’t plan for a deprecation period, because there is no known >>> usage (based on UMA <https://crbug.com/452667935>) and explicit >>> warnings (on Mozilla Developer Network >>> >>> <https://developer.mozilla.org/en-US/docs/Web/Media/Guides/Formats/Image_types#bmp_bitmap_file>) >>> advise against using BMP in general, and this BMP extension specifically >>> (calling it only “theoretically supported”) >>> >>> >>> Best regards, >>> >>> Lukasz Anforowicz (on behalf of the Chrome Memory Safety and the Skia >>> teams) >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7BWekqoM-92v_%2B5Cu1HroB7zhM1uGDh6kH9gOiyfyi7RO%2B8A%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7BWekqoM-92v_%2B5Cu1HroB7zhM1uGDh6kH9gOiyfyi7RO%2B8A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA_NCUEKovTrNh%3DWRXP7vbP59ivYS3HcauJevD68PmW02bTtVQ%40mail.gmail.com.
