Chrome 88’s Manifest V3 sets strict privacy rules for extension developers

The Chrome 88 browser’s mid-January release will include privacy and security measures that raised concerns among some developers during the last few months of testing.

Google announced in a blog post that the new restrictions built into the Manifest V3 programming interface for its browsers will be imposed on extensions, including limits on the number of rules extensions can run as a web page loads. The rules are central to popular ad blocker extensions that allow users to limit intrusive and annoying pop-up ads.

Those ad blockers used an API that gave them “access to potentially sensitive user data,” Google stated. Chrome 88 will now require the use of a more restrictive API, which Google says will protect user privacy.

Chrome extensions can use up to 30,000 rules, which seems like a pretty hefty number, but considering that popular ad blockers like EasyList use 60,000 or more rules, the new limitations are likely to force many extension developers to rethink their strategies. or modify your Capabilities

However, the Chrome team says it listened to the developers’ concerns and tried to address them. The team says a future iteration of the browser, Chrome 89, will raise the rules threshold to 300,000.

“We believe extensions should be trusted by default, so we’ve spent this year making extensions more secure for everyone,” Google said in the blog post Wednesday. “After an extensive review of the concerns raised by content blockers and the community, we believe that the majority of those concerns have been or will be resolved,” Microsoft said.

The new rules will affect other major browsers as well. Microsoft Edge, Opera and Vivaldi also use the Chromium open source code and are expected to adopt the Manifest V3 interface.

Manifest V3 will also prohibit the use of remotely hosted code. Google says that malicious code downloaded after installation allowed malicious developers to bypass Google’s malware detection tools. The new restriction allows for a faster and more comprehensive review of extension submissions, Google said.

The problem was significant: Google recently reported that it blocks around 1,800 malicious payloads each month. Google has tripled the number of engineers assigned to detect extensions violations and quadrupled the number tasked with reviewing applications.

More changes will arrive at the end of next year. The Chrome team says that users will gain greater control over the personal data collected by extensions. Extensions will be required to include a “Privacy Practices” section in the Chrome Web store that lists the data the extension would collect. Users will be able to choose to participate or not at the time of installation. Also, extensions will no longer be able to update code through third-party sites. Rather, updates must be run through the Chrome Web Store.

Not everyone is happy with Manifest V3, despite Google’s efforts to compromise.

“The main victim of Manifest V3 is innovation,” said Andrey Meshkov, co-founder and chief technology officer of ad blocker extension AdGuard. He said his company and others sought to improve the efficiency of their products through artificial intelligence, but that Manifest’s restrictions will slow down their efforts.

“This is not so relevant anymore. Now Chrome, Safari and Edge dictate what can or cannot be blocked and how it should be done.”

Chrome Web Store will start accepting extensions that adhere to the Manifest V3 rules in mid-January. Users can experiment with Manifest V3 browsing with Chrome 88 Beta, available now.

© 2020 Science X Network