Google encourages all new native code in Android to be written in Rust. Rust-based codecs can certainly reach the speeds of C++. And it does rule out memory safety bugs. https://security.googleblog.com/2022/12/memory-safe-language...

Of course as the blog post says, just because memory safety bugs are overcome doesn't mean vulnerabilities have stopped; people find other kinds of vulnerability now.

It can be overcome with time and it is getting better, those are just the historical reasons it's not already better.

Google has contributed lots of fuzzing time and security improvements to eg ffmpeg already.

Definitely, but GP was specifically using this as an argument for Google not supporting a codec in Chrome. If anybody can spare the effort to do it safely, it’s them.