2020 was a rather unprecedented year. If our lives were paintings, it feels like whoever was painting the canvas for 2020 might have been knocked over by accident. And as they ended up with an extremely bad smudge, they went “oh well, looks like this is going to be one of those Jackson Pollock paintings!”

So yeah there was COVID, Lockdown, yada yada, the ripple effect went all the way down to cinemas shutting down. And as I was in Lagos Nigeria at the time, what that meant was, watching movies were strictly narrowed down to Netflix, Amazon Prime (most other streaming platforms don’t operate in Nigeria), and transfer of movie files via Hard Drive.

Usually, if I had to play a video from untrusted sources on my computer, I’d always resort to opening them with Chrome (literally with an html video tag and src pointing to the video’s local file path). Now for the case of video files transferred via Hard Drive, because I can not validate the original source of the videos, I would have a hard time shaking the thought that there may be some exploit laced into such video files that could compromise my computer the moment I play them. For that reason, I would feel uneasy about playing such videos with my favourite native video players such as VLC. I would still resort to the Chrome browser as mentioned above.
Why did I resort to using Chrome Browser you’d ask?

Enter the Chrome Sandbox

So Chrome is built with a Sandbox architecture which has a mighty security advantage (*whispers* but unfortunately also eats up your computer memory like a parasite).
Sandboxing is a technical term meaning to separate processes out into independent spaces to see how they function individually. Chrome handles its workload as a series of multiple processes rather than as part of one large browser process

The security advantage in sandboxing comes from how Chrome implements this feature in Windows. Chrome controls the access token for each process in Windows XP, Vista and Windows 7. On these operating systems, an access token for a process allows that process access to important information about your system, like its files and registry keys. Chrome intercepts each access token from the processes launched from the browser, and it modifies that token to limit its access to that information. So, in Windows, Chrome's sandboxing helps block Web pages that try to install malware, capture your personal information or obtain data from your hard drive

(excerpts from https://computer.howstuffworks.com/google-chrome-browser7.htm)


Back to 2020

So where were we? Right, playing untrusted video files with my browser via an HTML tag. This became a tiring mundane dance that I had to do too frequently as I watched more videos in the unending Lockdown. It also marred the experience as I was missing out on some valuable VLC player features (video subtitles, 400% volume, etc.).

In a bid to change that experience, I went ahead to just build up that plain HTML video tag into an actual browser video player with features similar to VLC.

Simple Video Player

SimpleVideoPlayer.com is an Open Source Video player that runs on the Browser. It strictly plays video files that exist on your local computer. It offers features similar to VLC such as amplified volume (you can increase volume to 400%), subtitle files (you can enable subtitles as you watch a video), keyboard controls (up and down for volume, etc.)


Asides from the security benefit from Chrome’s Sandbox, here are some other points that I consider as security advantages to playing video files with your browser:
1. If a video malware is crafted, it will most likely be crafted for popular native video players like VLC.
2. If a malware is crafted to cut across board and affect all kinds of players (including browsers), you are likelier to have your browser updated in time with the latest patch update (because Chrome auto-updates after launch). I hardly update my VLC player (and I’ll think it’s same for most other people), once I install it, that same version remains on my machine till I get a new one.

After building SimpleVideoPlayer in 2020, I had intended to write this article about the motive that led to it, but I never got around taking out the necessary time to do some research and validate my theories, so it never happened. I knew the Sandbox provided some kind of isolation that protected you from exploits, but I wasn’t certain if my theory was wrong somewhere in the details — where the devil lies. I still am not certain actually; Just the other day, I was having an argument with ChatGPT on which is safer and it insisted it’s better to watch your videos with VLC (see screenshots below).



But at the same time there was this old hacker news thread I found that specifically discussed the issue of VLC not emulating the chrome sandboxing approach after a VLC related vulnerability was disclosed.

So let me know what you think about the debate - is it safer to watch videos on Chrome because of its Sandbox feature, or is it safer to watch a video on VLC because it is more optimised for video playing.