Hi,
The Blink Style & Fonts, Google Fonts and Skia teams have been collaborating on Fontations, a secure set of font processing libraries written in Rust. We integrate Fontations into Chrome and use it in a new Skia font backend meant as a secure replacement for our usage of FreeType. The Fontations integration is available for testing in Chromium Canary behind chrome://flags/#enable-fontations-backend .
Our goals with Fontations are to improve Chrome’s security posture in font processing, enable unsandboxing of font related tasks, as well as to develop a high-performance, modern, extendable, and unified font stack for Chrome, Android, and Google Fonts' production tools.
Tentative Rollout Plan
I wanted to provide an update on our tentative rollout plan in Blink and Chrome:
Rollout steps:
- Initial limited rollout, less used formats on all platforms (within 1-2 weeks): First we will enable Fontations for web fonts of font formats which account to a small portion of overall web font instantiations in content: These are COLRv0, COLRv1, CFF2, CBDT/CBLC, and SBIX fonts. We will enable the new backend only for situations where we currently use FreeType (as opposed to the system rasterisers which we use for COLRv0 and SBIX in some situations). These are situations which do not rely on TrueType autohinting (which is work-in-progress atm)
- Expand to common formats on Linux: After monitoring for regressions and completing TrueType autohinting, we'll expand Fontations usage to variable and static monochromatic TrueType web fonts on Linux.
- Extend to Android: Extend step 2 to Android.
- Extend to Windows and Mac in situations where we use FreeType for variable fonts if the system rasteriser does not support it.
After that, in subsequent steps we plan to roll out the Fontations font stack for system fonts in content, for Android, Linux and ChromeOS and for the Chrome UI. I will go into more details on that in an update at a later stage.
A big thanks to all collaborators and supporters:
Google Fonts: Rod Sheeter, Chad Brokaw, Colin Rofls, Cosimo Lupo
Skia: Heather Miller, Brian Osman, Ben Wagner, Julia Lavrova, Kaylee Lubick
Chrome Security: Adrian Taylor, Dana Jansens, Łukasz Anforowicz,
Blink Rendering: Chris Harrelson, Philip Jägenstedt
Please get in touch if you any questions,
Dominik