This feature defines an API surface for manipulating raw media carried by MediaStreamTracks such as the output of a camera, microphone, screen capture, or the decoder part of a codec and the input to the decoder part of a codec. It uses WebCodecs interfaces to represent raw media frames and exposes them using streams, similarly to the way the WebRTC Insertable Streams spec exposes encoded data from RTCPeerConnections.
The motivation for this feature is to support some of the use cases described in WebRTC Next Version Use Cases in a more ergonomic or efficient way than existing approaches. More specifically: * Funny Hats: Refers to manipulation of media to provide effects such as background removal, funny hats, echo detection, voice effects. * Machine Learning: Refers to applications such as real-time object identification/annotation.
As with all new features, the main interoperability risk is that other browsers do not implement it. There is no compatibility risk since the existing behavior is unaffected if the feature is not used.
Hello Guido,We've discussed your intent within security + privacy teams.We would be happy to see the explainer and the specification to be completed.Moreover, adding a security and privacy considerations would be helpful. For instance:
- How does this deal with same-origin policy exactly? Can this be used to transform a cross-origin video stream?
- Is there a chance for data exfiltrations, GPU profiling, knowing what are the supported codecs, etc...?
- Can this be used to potentially exploit existing encoder/decoder vulnerabilities more easily? Is it a problem?
- Is there use case for supporting this with screen capture?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6bcadc88-1383-4644-b7a3-e3ad93877955n%40chromium.org.
Hope this helps! I'll try to get the same answers into a security and privacy considerations section Real Soon Now. ~[Harald Alvestrand]
- How does this deal with same-origin policy exactly? Can this be used to transform a cross-origin video stream?
At the moment, MediaStreamTracks aren't transferable between origins, so cross-origin MediaStreamTracks don't exist.
I believe (but need to check) that VideoFrames are origin-tagged, just like Canvas, so that if one transfers them to a different origin, they become displayable but not accessible. ~[Harald Alvestrand]
- Is there use case for supporting this with screen capture?
A MediaStreamTrack produced from screen capture will be able to be processed using this API, but I don't believe there will be any new vulnerabilities compared to painting the same track on a canvas through a video element. ~[Harald Alvestrand]