Webm/Webp Security Vulnerability

SatinAndIvory

SatinAndIvory

Newbie
Jan 22, 2023
44
44
I'm kinda retarded when it comes to tech security, but I heard there was a major security vulnerability regarding using webp a month ago. Given that I am a dev and was going to use webp and webm to distribute my VN's images, have the issues been resolved, are they something we don't have to worry about, or should I steer clear of using webp/webm for now? What alternative formats could I use that are good for compressed images and video if so?
 
Satori6

Satori6
Game Developer
Aug 29, 2023
503
1,113
webp doesn't look better than, say, png, and with modern speed connections, the load time of either is instantaneous, and we have more storage capacity than we'll ever need: it doesn't make a difference for users.

Websites use those formats because they save money by serving smaller files, so unless you're hosting the game online and you're expecting such a massive amount of traffic that asset loading will impact the cost of your plan, there shouldn't be a reason to use those formats at all.

That said, any browser worth a thing patched the vulnerability as soon as it was reported. Of course, there's always the chance that more vulnerabilities will be found in the future.
 
  • Angry
Reactions: mrmcfappen
SatinAndIvory

SatinAndIvory

Newbie
Jan 22, 2023
44
44
Satori6 said:
webp doesn't look better than, say, png, and with modern speed connections, the load time of either is instantaneous, and we have more storage capacity than we'll ever need: it doesn't make a difference for users.

Websites use those formats because they save money by serving smaller files, so unless you're hosting the game online and you're expecting such a massive amount of traffic that asset loading will impact the cost of your plan, there shouldn't be a reason to use those formats at all.
Click to expand...
I wouldn't say it "doesn't make a difference for users". There's a lot of people who throw hissy fits when your game comes out to be 4gb when it could've easily been 300mb had you used a format that was more compressed. You also have to keep in mind that hosting games on websites with size limits and daily download caps means the difference between being able to use them to host your game downloads or not.
 
  • Like
Reactions: mrmcfappen, disturb-o-matic and Meushi
Cosy Creator

Cosy Creator

Member
Game Developer
Dec 11, 2022
458
3,447
Satori6 said:
webp doesn't look better than, say, png, and with modern speed connections, the load time of either is instantaneous, and we have more storage capacity than we'll ever need: it doesn't make a difference for users.

Websites use those formats because they save money by serving smaller files, so unless you're hosting the game online and you're expecting such a massive amount of traffic that asset loading will impact the cost of your plan, there shouldn't be a reason to use those formats at all.

That said, any browser worth a thing patched the vulnerability as soon as it was reported. Of course, there's always the chance that more vulnerabilities will be found in the future.
Click to expand...
itch.io has harsh size limitations (2GB), and they won't raise it unless you have a track record of developing your project and can prove to them all of the steps you've taken to reduce file size (image format and compression being high on the list). Beyond that, about 50% of players use android, which has limits on app size (around 4GB iirc?), and a lot of these users have mobile data caps.
 
Satori6

Satori6
Game Developer
Aug 29, 2023
503
1,113
Cosy Creator said:
itch.io has harsh size limitations (2GB), and they won't raise it unless you have a track record of developing your project and can prove to them all of the steps you've taken to reduce file size (image format and compression being high on the list).
Click to expand...
But that's just a single hosting site, right? I'm sure I've downloaded countless 5GB+ games from the more popularly used file hosts on this site, and I know that on itch.io devs usually just include download links instead of hosting it on that website.
 
anne O'nymous

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
10,957
16,191
SatinAndIvory said:
I'm kinda retarded when it comes to tech security, but I heard there was a major security vulnerability regarding using webp a month ago.
Click to expand...
Yes
You must be registered to see the links
.


SatinAndIvory said:
Given that I am a dev and was going to use webp and webm to distribute my VN's images, have the issues been resolved, are they something we don't have to worry about, or should I steer clear of using webp/webm for now?
Click to expand...
What... Do you even... I mean... No, seriously, what do you think vulnerabilities are exactly ?
Your computer will not blow to your face because you make WEBP images.
It's a vulnerability, not a bug, it need an intent and a voluntary process, to be exploited. While converting your image into WEBP format, you'll not involuntarily generate malicious code that will compromise your players' computer.
 
  • Like
Reactions: TessaXYZ, mrmcfappen and morphnet
M

mrmcfappen

Newbie
Sep 10, 2019
92
126
You can use
You must be registered to see the links
to batch convert your images to AVIF if you wish. Image quality is supposedly on par if not better than webp for the equivalent file size, and renpy supposedly supports the format. I never used the format, so I can't tell you my personal experience with it.
 
You must log in or register to reply here.
Top Bottom