Google to weaken ad blockers on Chrome in a push for security


Starting June 2024, adblockers such as uBlock Origin and many other extensions on Chrome will no longer work as intended. Google Chrome will begin disabling extensions based on an older extension platform, called Manifest V2, as it moves to the more limited V3 version.

Google Chrome is transitioning its extensions Manifest to version 3, which is supposed to bring more security, higher efficiency, and ask for fewer user permissions. But a more limited feature set means that extensions will also be more limited in functionality.

An extension manifest defines information about an extension's capabilities and the files it uses.

Researchers from vx-underground shared online that the move to V3 basically means disabling ad blocker uBlock Origin in Chrome.

“Google states these changes are for API security concerns. Many plugin developers (uBlock included) expressed concern that this move from MV2 to MV3 will render their plugins useless (or non-functional), despite this feedback Google has stated they will move forward regardless. Some speculate this is an intentional move by Google due to suspected loss of ad-revenue. We don’t know,” vx-underground writes.

Electronic Frontier Foundation (EFF), a non-profit defending civil liberties in the digital world, explained earlier that Google’s Manifest V3 (MV3) removes the ability to redirect requests using the flexible webRequest API. This API is required for its extension Privacy Badger, blocking invisible trackers, to work.

“MV3 replaces blocking webRequest with the limited by design Declarative Net Request (DNR) API. Unfortunately, this means that MV3 extensions are not able to properly fix redirects at the network layer at this time. We would like to see this important functionality gap resolved before MV3 becomes mandatory for all extensions,” EFF stated.

Cybernews has already explained why this webRequest API is dangerous – it allows Chrome extensions to see excessive private information and malicious actors can exploit that.

Changes to roll out gradually starting June 2024

According to the timeline, Google will begin disabling Manifest V2 extensions in Chrome 127, starting with pre-stable versions, such as beta or for developers.

“Users impacted by the rollout will see Manifest V2 extensions automatically disabled in their browser and will no longer be able to install Manifest V2 extensions from the Chrome Web Store,” Google explained.

Google plans to monitor the feedback and collect the data closely. Then, the change will gradually roll out to stable versions.

“The exact timing may vary depending on the data collected, and during this time, we will keep you informed about our progress,” Google explained.

After receiving an initial response from developers, Google introduced some changes, allowing improved content filtering support by providing more generous limits, adding a new User Scripts API for running user scripts, and others.

Andrey Meshkov, CTO at AdGuard, supported Google’s efforts.

"With Manifest V3, we've observed the immense effort that browser teams (Chrome in particular, but also other browsers) are putting into working on a unified platform, and I see how they are listening to the feedback from extension developers,” – Meshko said. “We're very hopeful that the new unified platform will bring substantial benefits to the entire browser extensions ecosystem, and that ad blockers like us will be able to continue being up to the task and further improve.”

However, the uBlock Origin community could be happier. The company introduced the Lite version of its ad blocker, which requires no user permissions but lacks many features, such as importing filter lists or creating your own.

Some users on X and Reddit started thinking of switching to other browsers such as Brave or Firefox.

Google believes it addressed mitigation concerns and is ready to continue moving towards V3 “and the higher security and privacy guarantees it provides.”


More from Cybernews:

Vietnam Post exposes 1.2TB of data, including email addresses

Eastern nations more receptive to AI, hints UN tech advisor

City of Long Beach declares state of emergency after cyberattack

FBI warning on MGM hacker group Scattered Spider, urges victims to come forward

US prison allegedly hit by ransomware attack

Subscribe to our newsletter



Comments

Adam
prefix 2 months ago
They always use security as their excuse, such a bunch of hypocrites, the same thing is done right across many industries, when they want to push something onto people the buzzword rings out, "Security" oh my God we all going to die, let's barricade ourselves inside our homes no windows, no doors, you never know, someone could fly through the window.
It's called BS, Google is a greedy entity, it is a control freak entity, it is run by a bunch of psychopaths, I won't be using Chrome if it's the last browser, and I won't be using google search engine, and that's just me, as for YouTube, there are hundred other alternatives. So, Google piss off, how's that for a feedback?
Tahzib
prefix 3 months ago
“and the higher security and privacy guarantees it provides.”
lmao...since when did google care about privacy...they just settled 5B lawsuit on incognito not being incognito
Adam
prefix 2 months ago
Exactly, Google is the first biggest criminal, anyone who trusts these big corporations is a fool. They are behind everything that happens on the internet, and I mean dodgy activities so they can justify their draconian rules, and clamping down on whatever they don't like.
Leave a Reply

Your email address will not be published. Required fields are markedmarked