+This section is non-normative.
+
The primary security impact is that features of this API make it easier for an
attacker to exploit vulnerabilities in the underlying platform codecs.
Additionally, new abilities to configure and control the codecs can allow for
@@ -5603,14 +5606,16 @@
exploits being able to read user data.
An additional concern is exposing the underlying codecs to input mutation race
-conditions. Specifically, it
SHOULD not be possible for
-a site to mutate a codec input or output while the underlying codec is still
-operating on that data. This concern is mitigated by ensuring that input and
-output interfaces are immutable.
+conditions, such as allowing a site to mutate a codec input or output while
+the underlying codec is still operating on that data. This concern is mitigated
+by ensuring that input and output interfaces are immutable.
Privacy Considerations{#privacy-considerations}
===============================================
+
+This section is non-normative.
+
The primary privacy impact is an increased ability to fingerprint users by
querying for different codec capabilities to establish a codec feature profile.
Much of this profile is already exposed by existing APIs. Such profiles are very