This makes a ton of sense given how complex text rendering is, and the history of high-severity CVEs since text rendering is so exposed with things like web fonts and PDF embedding. I’d bet Apple is looking into that as well as they’ve certainly had their share of vulnerabilities, too.
The author of HarfBuzz has published [State of Text Rendering 2024](https://behdad.org/text2024/), where he [describes](https://docs.google.com/document/d/1UnR2zKf3Z_DDRS6vLgBkSHUe...) the ongoing rewrite of the entire open-source text rendering stack in Rust, which is funded by Google Fonts.
The motivations for it are laid out at https://github.com/googlefonts/oxidize, and the actual code is at https://github.com/googlefonts/fontations. The individual crates are already published to crates.io, too!
The intent does seem to be to completely replace the C/C++ code in HarfBuzz and FreeType in Android and Chrome, which would be a massive win for security. Numerous other HarfBuzz/FreeType users such as Firefox and all the Linux desktop would also benefit.
Curiously, Microsoft is rewriting their proprietary font parsing code in Rust as well: https://redd.it/12yg3cp