Intent to deprecate and remove: BMP extension for decoding JPEG/PNG-embedded-in-BMP


Łukasz Anforowicz

Dec 11, 2025, 1:54:45 PM
to blink-dev, fma...@google.com, kjlu...@google.com, Matthew Riley, Daniel Cheng, ser...@microsoft.com

Hello,


The BMP image decoder that ships in Chromium/Blink is capable of decoding JPEG and/or PNG images embedded inside BMP (in addition to the typical RLE or other basic BMP encodings). In https://chromestatus.com/feature/5153489630134272 we propose to remove this BMP extension, tracking this work with https://crbug.com/456842524.


Answering the questions from https://www.chromium.org/blink/launching-features/#feature-deprecations:

  • Why are we removing this feature?:

    • Security: Since 2019, we've been presented with compelling evidence that surprising and rarely-used support for nesting formats is a path to security bugs. Such a possibility is especially worrying for BMP, which is otherwise considered a pretty simple format.

    • Code health: Removing code is expected to improve code health.  Additionally, removing this corner-case will simplify migrating the BMP decoder to a memory-safe language.

    • Interoperability:

      • Removing this BMP extension will improve interoperability/consistency across browsers, because today only Chrome supports this BMP extension:

        • Manual testing of browser support is possible by visiting https://entropymine.com/jason/bmpsuite/bmpsuite/html/bmpsuite.html and looking at the result of rendering `q/rgb24jpeg.bmp` and `q/rgb24png.bmp`

        • Chrome 141.0.7390.134: rendered okay

          • Support for JPEG/PNG-in-BMP was added in 2019, in Chrome 78.0.3899.0

          • IIUC there was no Blink Intent for this addition + the main motivation was covering all files from the BMP test suite (I note that these 2 test inputs are in a “q” directory which was expanded to “questionable” when adding the test inputs to Chromium).

        • Firefox 143.0.4 and 144.0.2: not rendered

        • Safari 18.6: not rendered

      • There is no official spec:

  • What is the cost of removing this feature?

    • No usage has been registered via recently added UMA data: https://crbug.com/452667935

      • UMA data gathered in https://crbug.com/452667935 for M143 shows no usage in Canary/Dev, Beta, not Stable release channels (not just minimal usage, but no usage whatsoever)

      • UMA data can have blind spots (users that do not enable UMA), but this seems like an acceptable risk

  • When will the feature be removed?

    • We propose to remove support for this BMP extension in Chrome 145 (which is tentatively scheduled to branch on January 12, 2026, and release to the Stable channel on Feb 10, 2026).

  • What is the suggested alternative?

    • Please use PNG and/or JPEG images **directly** rather than embedding them inside a BMP format.


Other notes:

  • We don’t plan to explicitly coordinate with other web rendering engines, because other browsers do not support this feature.

  • We don’t plan for a deprecation period, because there is no known usage (based on UMA) and explicit warnings (on Mozilla Developer Network) advise against using BMP in general, and this BMP extension specifically (calling it only “theoretically supported”)


Best regards,


Lukasz Anforowicz (on behalf of the Chrome Memory Safety and the Skia teams)
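
For site owners who want to check their own assets before the removal, a header-only audit is enough. This is an added example, not part of the original post and not Chromium code: it reads the `biCompression` field of the BMP info header and flags the `BI_JPEG` (4) and `BI_PNG` (5) values from the Windows BITMAPINFOHEADER definition; the function names and the sample bytes are constructed for illustration.

```python
import struct

# biCompression values defined for the Windows BITMAPINFOHEADER.
BI_NAMES = {0: "BI_RGB", 1: "BI_RLE8", 2: "BI_RLE4", 3: "BI_BITFIELDS",
            4: "BI_JPEG", 5: "BI_PNG"}
EMBEDDED = {4, 5}  # the JPEG/PNG-in-BMP extension discussed above
MAGICS = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff"}


def classify_bmp(data: bytes) -> dict:
    """Inspect BMP headers only; nothing is decoded."""
    result = {"bmp": False, "compression": None, "payload": None,
              "flagged": False}
    if len(data) < 18 or data[:2] != b"BM":
        return result
    result["bmp"] = True
    # File header: pixel data offset at byte 10; info header size at byte 14.
    pixel_offset, header_size = struct.unpack_from("<II", data, 10)
    # The 12-byte OS/2 core header has no compression field at all.
    if header_size < 40 or len(data) < 34:
        return result
    compression = struct.unpack_from("<I", data, 30)[0]
    result["compression"] = BI_NAMES.get(compression, f"unknown({compression})")
    start = data[pixel_offset:pixel_offset + 8]
    for kind, magic in MAGICS.items():
        if start.startswith(magic):
            result["payload"] = kind
    # 64-byte OS/2 2.x headers reuse value 4 for RLE24, so for those
    # require a matching payload signature before flagging.
    result["flagged"] = compression in EMBEDDED and (
        header_size != 64 or result["payload"] is not None)
    return result


def make_sample(compression: int, payload: bytes) -> bytes:
    """Constructed 1x1 sample: 14-byte file header + BITMAPINFOHEADER."""
    info = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, compression,
                       len(payload), 0, 0, 0, 0)
    file_header = struct.pack("<2sIHHI", b"BM", 54 + len(payload), 0, 0, 54)
    return file_header + info + payload


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, classify_bmp(f.read()))
```

Run it with BMP paths as arguments; any file reported with `flagged: True` should be re-exported as a plain PNG or JPEG, as the post suggests.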

Philip Jägenstedt

Dec 12, 2025, 4:33:18 AM
to Łukasz Anforowicz, blink-dev, fma...@google.com, kjlu...@google.com, Matthew Riley, Daniel Cheng, ser...@microsoft.com
LGTM1, if it's not supported in Firefox or Safari and we cannot detect any usage via UMA, this is very likely safe from a web compat perspective. As long as it's Finch-controllable we can revert it if serious breakage does surface to give time for migration.


Philip Jägenstedt

Dec 12, 2025, 4:34:59 AM
to Łukasz Anforowicz, blink-dev, fma...@google.com, kjlu...@google.com, Matthew Riley, Daniel Cheng, ser...@microsoft.com
Hmm, I went to approve it in chromestatus as well, but https://chromestatus.com/feature/5153489630134272 looks like it's not been updated. Can you update that entry and then resend the email so that entry and emails are properly linked?

Christian Biesinger

Dec 12, 2025, 11:43:49 AM
to Łukasz Anforowicz, blink-dev, fma...@google.com, kjlu...@google.com, Matthew Riley, Daniel Cheng, ser...@microsoft.com
The "will simplify migrating" link seems to have very restrictive ACLs, could it be made public?

Thanks,
Christian


Łukasz Anforowicz

Dec 12, 2025, 1:28:08 PM
to Philip Jägenstedt, blink-dev, fma...@google.com, kjlu...@google.com, Matthew Riley, Daniel Cheng, ser...@microsoft.com
On Fri, Dec 12, 2025 at 1:34 AM Philip Jägenstedt <foo...@chromium.org> wrote:
> Hmm, I went to approve it in chromestatus as well, but https://chromestatus.com/feature/5153489630134272 looks like it's not been updated. Can you update that entry and then resend the email so that entry and emails are properly linked?

Sorry about that.  I went ahead and entered 145 as the shipping milestone.  And I set the Finch feature name.  Is there any other information and/or fields that I should add to the Chrome status entry?

Daniel Bratell

Dec 12, 2025, 3:23:54 PM
to Łukasz Anforowicz, Philip Jägenstedt, blink-dev, fma...@google.com, kjlu...@google.com, Matthew Riley, Daniel Cheng, ser...@microsoft.com

LGTM2 - It seems to have ended up on our lists in chromestatus when I put my LGTM there, but you should also trigger the other reviews (or make them N/A if you think that is appropriate). Privacy, testing, enterprise, and so on.

I guess there is a non-zero risk that there is some important application using this but the risk must be extremely close to zero. I don't even know of a way to create such files, and quickly searching the web didn't tell me anything either. 

/Daniel
