Upcoming roll-out plans for the Rust-based secure font stack in Blink

211 views
Skip to first unread message

Dominik Röttsches

unread,
Jun 7, 2024, 10:37:30 AMJun 7
to blink-dev, Rod Sheeter, Chad Brokaw, Cosimo Lupo, Colin Rofls, Ben Wagner, Heather Miller, Brian Osman, Chris Harrelson, Philip Jägenstedt
Hi,

The Blink Style & Fonts, Google Fonts and Skia teams have been collaborating on Fontations, a secure set of font processing libraries written in Rust. We integrate Fontations into Chrome and use it in a new Skia font backend meant as a secure replacement for our usage of FreeType. The Fontations integration is available for testing in Chromium Canary behind chrome://flags/#enable-fontations-backend .

Our goals with Fontations are to improve Chrome’s security posture in font processing, enable unsandboxing of font related tasks, as well as to develop a high-performance, modern, extendable, and unified font stack for Chrome, Android, and Google Fonts' production tools.

Tentative Rollout Plan

I wanted to provide an update on our tentative rollout plan in Blink and Chrome:

Rollout steps:

  1. Initial limited rollout, less used formats on all platforms (within 1-2 weeks)First we will enable Fontations for web fonts of font formats which account to a small portion of overall web font instantiations in content: These are COLRv0, COLRv1, CFF2, CBDT/CBLC, and SBIX fonts. We will enable the new backend only for situations where we currently use FreeType (as opposed to the system rasterisers which we use for COLRv0 and SBIX in some situations). These are situations which do not rely on TrueType autohinting (which is work-in-progress atm)
  2. Expand to common formats on LinuxAfter monitoring for regressions and completing TrueType autohinting, we'll expand Fontations usage to variable and static monochromatic TrueType web fonts on Linux.
  3. Extend to Android:  Extend step 2 to Android.
  4. Extend to Windows and Mac in situations where we use FreeType for variable fonts if the system rasteriser does not support it.
After that, in subsequent steps we plan to roll out the Fontations font stack for system fonts in content, for Android, Linux and ChromeOS and for the Chrome UI. I will go into more details on that in an update at a later stage.

User Impact

From a user’s perspective, things stay the same almost 100%: none or only very minor changes in text rendering are expected. In some cases in fact rendering is expected to improve, for example for vector color fonts. We will only switch to Fontations in situations where we used FreeType before. At this stage, we do not intend to switch rendering from system rasterisers (CoreText, DirectWrite) where they are currently used.
 


Further references:

Chromestatus: https://chromestatus.com/feature/5717358869217280
Intro presentation: Crafting new Fontations for Chrome, ATypI 2024 Brisbane
Fontations on GitHub: https://github.com/googlefonts/fontations/
Chromium meta bug: https://issues.chromium.org/issues/40045339
Skia meta bug: https://issues.skia.org/issues/40045335


Thank you! 

A big thanks to all collaborators and supporters:
Google Fonts: Rod Sheeter, Chad Brokaw, Colin Rofls, Cosimo Lupo
Skia: Heather Miller, Brian Osman, Ben Wagner, Julia Lavrova, Kaylee Lubick
Chrome Security: Adrian Taylor, Dana Jansens, Łukasz Anforowicz,
Blink Rendering: Chris Harrelson, Philip Jägenstedt

Please get in touch if you any questions,

Dominik
Reply all
Reply to author
Forward
0 new messages