Browsers run it in a sandbox process together with allocator hardening. Most of the bugs then are just crashed of the sandbox
replyAnother option is WASM or WASM-style sandboxes if using another process is undesirable.
One chained sandbox escape away from compromise.
replyAhah
replyBut are the compiler+OS that runs the ffmpeg executable really a sandbox ?
For executables on Linux there are things like bubblewrap or firejail. One can also use a restrictive container. But those are strictly weaker than browser sandboxes.
replyThe most secure way presently is to use qubes-os that allows to use a very hardened VM to run individual applications.
Which is of course better than zero sandbox escapes.
replydeleted
reply