Home / Technology / The Chrome API update not only overrides ad blockers, but also other extensions

The Chrome API update not only overrides ad blockers, but also other extensions

  Chrome Extensions

A planned upgrade of one of the Google Chrome extension APIs would cause far more than just a few ad blockers, including browser extensions for antivirus products, parental controls, and various privacy enhancements, according to ZDNet [1

9659003] Enhancements developers released by F-Secure, NoScript, Amnesty International, and Ermes Cyber ​​Security, among others, today voiced their concerns after announcing yesterday that Google is considering an API change.

Their criticism expressed concern from Raymond Hill, the author of the uBlock Origin and uMatrix ad blockers, who raised the issue with Chrome developers yesterday in a bug report.

Hill pointed out that Google's decision to restrict Chrome's script blocking capabilities to the new DeclarativeNetRequest API [1, 2] instead of the old webRequest API would reduce the ability of the adblocker to run certain scripts, including that of the Advertising used scripts to block ms.

The change would probably affect all other ad blockers too, said Andrey Meshkov, co-founder of AdGuard, another ad blocking engine for Chrome.

Regular Chrome users and technical news sites were quick to criticize Google, which announced two weeks ago that it would extend Chrome's built-in ad blocker to global users by July 2019. Many have pointed out that the Chrome API modification came just in time to hinder and neutralize competing ad blockers. [19659004] However, after the new criticism released today, this would involve far more types of extensions than just ad blockers.

Chrome security plugins were also affected

The largest of these categories were extensions developed by antivirus vendors designed to prevent

"Apart from blocking ads, this also seems to affect security software Exploiting Dependencies Dynamically blocking https traffic that is considered malicious or otherwise harmful to the user, "said Jouni Korte, Senior Software Engineer for Finnish antivirus vendor F-Secure.

"These include sites that propagate mal / spy / moodware, but also for B. the type of parental control of features, such as protecting the (subordinate) user from content that is harmful to him / her. undesirable, "he said.

The F-Secure developer's opinion that this would affect almost all security-related Chrome extensions would also be clear from Claudio Guarnieri, Senior Technologist at Amnesty International.

"I also want to reiterate what Jouni has just said, and I believe these changes will cause many security enhancements to malfunction." Guarnieri said.

"When these changes are released, the extension [my] will no longer work," said Brandon Dixon, author of Blockade.io's Chrome extension, which blocks drive-by attacks and prevents users from phishing Sites.

"The proposed changes to the manifesto will enable us to serve vulnerable communities on a large scale, please reconsider the changes to WebRequest blocking capabilities," Dixon said.

Similar views were also expressed by Kristof Kovacs, one of the developers of a child protection extension who provides the Privowny extension, which offers a wide range of privacy on the Internet extension capabilities, but also from the team of Ermes Cyber ​​Security, the creators of another security-focused Chrome extension that blocks access to known phishing sites.

NoScript's Chrome Port Can Never Land

Last but not least, Giorgio Maone, the maker of the NoScript Firefox add-on, also agreed and pointed out that the new API will not be able to is going to release the long awaited NoScript version of Chrome for which he has worked more than a year.

The NoScript Firefox add-on has a mythical reputation among security people, and many have asked Maone for years for a Chrome version.

NoScript is good at blocking JavaScript code. This is one of the extensions included with the privacy-protected Tor Browser by default. If Chrome developers continue with the planned changes, there may not be a NoScript version for Chrome, especially since NoScript can not work as efficiently as Firefox.

Google will change its mind when users push back

The good news is that criticism of the new DeclarativeNetRequest API came at the right time, at a time when Chrome developers deliberately left open feedback before they continue with the implementation of the proposed API in the Chromium code, the browser engine continues in the heart of Chrome, Vivaldi, Opera, Brave and other browsers.

"This change is NOT intended for GIMP AD BLOCKERS _ but rather serves to make it faster and safer, which could affect uBlock.") Said Andrew Meyer, one of the Chromium engineers. "The newly proposed Content Blocking API is not final and can / will be changed."

Now the question remains whether Google will go back after the massive pushback from end users and extension developers.

After the company was caught Google secretly logs users into Chrome accounts when they access a Google site. Google is on very thin ice with most users. Blocking third-party ad blocking while starting their own is a terrible sight for the browser maker that many users are unlikely to forgive.

More Browser Coverage:

Source link