Update Depreciation of Manifest V2 Chrome extensions delayed

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
21,567
9to5Google: Google delays start of Manifest V2 Chrome extension deprecation
Google was originally set to phase out Chrome support for old Manifest v2 extensions in 2023, but that’s now being postponed.

On Friday, the company said that the “Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed.”

The original plan called for Chrome Beta, Dev, and Canary builds to start experiments that turned off Manifest V2 extension support. Additionally, Manifest V3 would be required to get the “Featured” badge in the Chrome Web Store.



Greetings extension devs,

As we head towards Manifest V3 migration, we are intently monitoring comments from the developer community to help inform our timelines. We’ve heard your feedback on common challenges posed by the migration, specifically the service worker’s inability to use DOM capabilities and the current hard limit on extension service worker lifetimes. We’re mitigating the former with the Offscreen Documents API (added in Chrome 109) and are actively pursuing a solution to the latter.

We’re committed to providing developers solutions to migration challenges with new functionality, bug fixes, and adequate time for adoption. For this reason, we’re postponing any January experiments to turn off Manifest V2 in pre-release channels of Chrome and changes to the featured badge in the Chrome Webstore, and we'll be evaluating all downstream milestones as well. Expect to hear more about the updated phase-out plan and schedule by March of 2023. Our guiding principle will be to give developers sufficient time to update and test their extensions after the launch of these new capabilities before turning off Manifest V2.

Thank you for all the feedback and passionate discussion thus far, and we wish you a happy start to 2023.

Simeon - @dotproto
Chrome Extensions DevRel
 

Max90

Level 8
Nov 9, 2022
379
Firefox had already told that they would allow a dual state (meaning continu MV2 support longer) and Edge already postponed it to 2024.

Also most MV3 sdblockers are not permission less and they still inject javascript en change CSS (stylesheets) of websites, so the security goal is not achieved of MV3.

Due to Chromium browsers killing service workers, those service workers need to br restarted (causing overhead), so I doubt the performance gosl will be schieved.

Possibly Chrome will implement some of the MV3 change request suggested by extension developers and limit the capabilities of Extensions further, because none of the main goals are achieved.

The last goal (at least what most MV3 dislikers say) to protect advertising income also failed, because adblocking is now also offered by DNS and VPN services and by competing browsers.

Ironically the use of Adnlockers was declining since 2019, but the fuzz and attention caused by MV3 critics seems to have broken this downward trend

Sometimes the advertising bullies (market leaders) are not succeeding in enforcing their will upon others. 😀
 
Last edited:

piquiteco

Level 8
Oct 16, 2022
395
Firefox had already told that they would allow a dual state (meaning continu MV2 support longer) and Edge already postponed it to 2024.

Also most MV3 sdblockers are not permission less and they still inject javascript en change CSS (stylesheets) of websites, so the security goal is not achieved of MV3.

Due to Chromium browsers killing service workers, those service workers need to br restarted (causing overhead), so I doubt the performance gosl will be schieved.

Possibly Chrome will implement some of the MV3 change request suggested by extension developers and limit the capabilities of Extensions further, because none of the main goals are achieved.

The last goal (at least what most MV3 dislikers say) to protect advertising income also failed, because adblocking is now also offered by DNS and VPN services and by competing browsers.

Ironically the use of Adnlockers was declining since 2019, but the fuzz and attention caused by MV3 critics seems to have broken the downward trend.

Sometimes the advertising bullies (market leaders) are not succeeding in enforcing their will upon others. 😀
Exactly, the same that happened with FLOC, much fuss and ended up being overshadowed by so many companies pointing out privacy flaws in it. (y)
 

oldschool

Level 75
Verified
Top Poster
Well-known
Mar 29, 2018
6,413
Also most MV3 sdblockers are not permission less and they still inject javascript en change CSS (stylesheets) of websites, so the security goal is not achieved of MV3.

Due to Chromium browsers killing service workers, those service workers need to br restarted (causing overhead), so I doubt the performance gosl will be schieved.
These are the primary issues with it, but of course all your other points are valid too. Point #2 is killing developers trying to migrate extensions.
 

Zero Knowledge

Level 16
Verified
Top Poster
Content Creator
Dec 2, 2016
775
It was never about security, no matter how much Google tried to spin it.

If they really wanted to clean up the extension ecosystem you would think the first step would be to hire more people to manually vet the extensions before they are accepted on the extension app store like Apple do. If Apple can do a reasonable job protecting users from rouge apps/extensions in their ecosystem, why can't Google?

The same thing goes for Google Android Play Store and malware, if they really wanted to, they could stop it this very minute, but my guess is they just run the app/extension through an automated script or program and if it passes give it the tick of approval with no oversight or double checking. They need to employ more people to manually check each and every extensions/apps otherwise the same thing will happen i.e., malicious extensions/apps in Google products.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top