Why Google’s Removal of Manifest V2 May Increase Ads in Your Browser
Google’s decision to retire Manifest V2 extensions and enforce Manifest V3 in Chrome limits real‑time request inspection, weakening ad‑blocking extensions like AdGuard and uBlock Origin, while citing security benefits that may inadvertently let more ads reach users.
Manifest V3 rollout
Google announced that Chrome will stop supporting Manifest V2 extensions at the end of August 2024 and will require all extensions in the Chrome Web Store to use Manifest V3.
Technical changes introduced by Manifest V3
Blocking WebRequest APIs are removed; extensions can only use declarative declarativeNetRequest rules.
The maximum number of declarative rules per extension is increased, but the total rule count is capped (the exact limit is defined by Chrome and differs from the unlimited rule generation possible with V2).
Extensions must declare static URL‑filtering rules in the manifest instead of inspecting each request in real time.
Effect on ad‑blocking extensions
Ad‑blocking extensions such as AdGuard and uBlock Origin previously relied on a “master key” that allowed them to intercept every network request, classify it as ad or content, and block it before it loaded. Under Manifest V3:
The extension no longer receives each request; Chrome performs the filtering based on the pre‑declared rule set.
Dynamic or newly packaged ads that are not covered by the static rule list may bypass the filter.
Consequently, the flexibility that made these extensions effective is reduced.
Security rationale and documented incidents
Google cites the high privileges granted to Manifest V2 extensions as a security risk. Extensions could read and modify web content, access cookies, and inject code. Malicious extensions have exploited these capabilities:
In late 2024 the security‑focused extension Cyberhaven suffered a supply‑chain attack; a malicious update stole user cookies and login credentials, leading to account compromise and AI‑API token revocation.
Reuters‑based researcher Jaime Blasco reported at least 35 extensions compromised by similar attacks, affecting roughly 2.6 million installations.
Google regularly removes malicious extensions from the Chrome Store, but Manifest V3 applies the same permission restrictions to both benign and malicious extensions.
Trade‑off analysis
Security benefit: Reducing the ability of extensions to read or modify arbitrary network traffic limits the attack surface for supply‑chain compromises.
Functionality loss: Legitimate privacy‑enhancing tools lose the ability to perform real‑time request inspection, which can degrade ad‑blocking effectiveness and privacy protection.
Browser ecosystem impact: Chromium‑based browsers (e.g., Microsoft Edge) inherit the same manifest requirements, so the change propagates beyond Chrome.
Conclusion
The transition to Manifest V3 eliminates unrestricted WebRequest blocking, enforces static declarative rules, and raises the rule‑count ceiling. While the move addresses documented supply‑chain attacks on extensions, it also constrains the core functionality of ad‑blocking and privacy extensions, creating a trade‑off between security hardening and user‑level content control.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Java Tech Enthusiast
Sharing computer programming language knowledge, focusing on Java fundamentals, data structures, related tools, Spring Cloud, IntelliJ IDEA... Book giveaways, red‑packet rewards and other perks await!
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
