Why Google’s Removal of Manifest V2 May Increase Ads in Your Browser

Google’s decision to retire Manifest V2 extensions and enforce Manifest V3 in Chrome limits real‑time request inspection, weakening ad‑blocking extensions like AdGuard and uBlock Origin, while citing security benefits that may inadvertently let more ads reach users.

Java Tech Enthusiast
Java Tech Enthusiast
Java Tech Enthusiast
Why Google’s Removal of Manifest V2 May Increase Ads in Your Browser

Manifest V3 rollout

Google announced that Chrome will stop supporting Manifest V2 extensions at the end of August 2024 and will require all extensions in the Chrome Web Store to use Manifest V3.

Technical changes introduced by Manifest V3

Blocking WebRequest APIs are removed; extensions can only use declarative declarativeNetRequest rules.

The maximum number of declarative rules per extension is increased, but the total rule count is capped (the exact limit is defined by Chrome and differs from the unlimited rule generation possible with V2).

Extensions must declare static URL‑filtering rules in the manifest instead of inspecting each request in real time.

Effect on ad‑blocking extensions

Ad‑blocking extensions such as AdGuard and uBlock Origin previously relied on a “master key” that allowed them to intercept every network request, classify it as ad or content, and block it before it loaded. Under Manifest V3:

The extension no longer receives each request; Chrome performs the filtering based on the pre‑declared rule set.

Dynamic or newly packaged ads that are not covered by the static rule list may bypass the filter.

Consequently, the flexibility that made these extensions effective is reduced.

Security rationale and documented incidents

Google cites the high privileges granted to Manifest V2 extensions as a security risk. Extensions could read and modify web content, access cookies, and inject code. Malicious extensions have exploited these capabilities:

In late 2024 the security‑focused extension Cyberhaven suffered a supply‑chain attack; a malicious update stole user cookies and login credentials, leading to account compromise and AI‑API token revocation.

Reuters‑based researcher Jaime Blasco reported at least 35 extensions compromised by similar attacks, affecting roughly 2.6 million installations.

Google regularly removes malicious extensions from the Chrome Store, but Manifest V3 applies the same permission restrictions to both benign and malicious extensions.

Trade‑off analysis

Security benefit: Reducing the ability of extensions to read or modify arbitrary network traffic limits the attack surface for supply‑chain compromises.

Functionality loss: Legitimate privacy‑enhancing tools lose the ability to perform real‑time request inspection, which can degrade ad‑blocking effectiveness and privacy protection.

Browser ecosystem impact: Chromium‑based browsers (e.g., Microsoft Edge) inherit the same manifest requirements, so the change propagates beyond Chrome.

Conclusion

The transition to Manifest V3 eliminates unrestricted WebRequest blocking, enforces static declarative rules, and raises the rule‑count ceiling. While the move addresses documented supply‑chain attacks on extensions, it also constrains the core functionality of ad‑blocking and privacy extensions, creating a trade‑off between security hardening and user‑level content control.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

ChromeBrowser securityManifest V3Supply chain attackAd blockersExtension permissions
Java Tech Enthusiast
Written by

Java Tech Enthusiast

Sharing computer programming language knowledge, focusing on Java fundamentals, data structures, related tools, Spring Cloud, IntelliJ IDEA... Book giveaways, red‑packet rewards and other perks await!

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.