With hundreds of millions of people using over 250,000 items in the Chrome Web Store, extensions have become essential to how many of us experience the web and get work done online. We believe extensions must be trustworthy by default, which is why we’ve spent this year making extensions safer for everyone.

Today we’re officially announcing the planned rollout of Manifest V3 for Chrome Extensions, a new version of the extensions platform that makes extensions more secure, performant, and private-respecting by default.

Security

With the introduction of Manifest V3, we will disallow remotely hosted code. This mechanism is used as an attack vector by bad actors to circumvent Google’s malware detection tools and poses a significant risk to user privacy and security.

The removal of remotely hosted code will also allow us to more thoroughly and quickly review submissions to the Chrome Web Store. Developers will then be able to release updates to their users more quickly.

On the extensions team, we believe that a trustworthy Chrome and a trustworthy extensions experience is not only great for users but is also essential for developers. In the long run, Manifest V3 will help the extension ecosystem continue to be a place that people can trust.

Performance

We know that performance is key to a great user experience, and as we began work on the third iteration of our extension platform, performance was a foundational consideration. Two areas where this has manifested are our approach to background logic and API design.

First, we are introducing service workers as a replacement for background pages. Unlike persistent background pages, which remain active in the background and consume system resources regardless of whether the extension is actively using them, service workers are ephemeral. This ephemerality allows Chrome to lower overall system resource utilization since the browser can start up and tear down service workers as needed.

Second, we are moving to a more declarative model for extension APIs in general. In addition to security benefits, this provides a more reliable end-user performance guarantee across the board by eliminating the need for serialization and inter-process communication. The end result is better overall performance and improved privacy guarantees for the vast majority of extension users.

Privacy

To give users greater visibility and control over how extensions use and share their data, we’re moving to an extensions model that makes more permissions optional and allows users to withhold sensitive permissions at install time. Long-term, extension developers should expect users to opt in or out of permissions at any time.

For extensions that currently require passive access to web activity, we’re introducing and continuing to iterate on new functionality that allows developers to deliver these use cases while preserving user privacy. For example, our new declarativeNetRequest API is designed to be a privacy-preserving method for extensions to block network requests without needing access to sensitive data.

The declarativeNetRequest API is an example of how Chrome is working to enable extensions, including ad blockers, to continue delivering their core functionality without requiring the extension to have access to potentially sensitive user data. This will allow many of the powerful extensions in our ecosystem to continue to provide a seamless user experience while still respecting user privacy.

Availability & Continued Iteration

When the Manifest V3 draft proposal was initially shared with the Chromium developer community, we received an abundance of helpful feedback — thank you! We have been working closely with the developers of many extensions — including ad blockers, shopping extensions, productivity enhancements, developer tools, and more — to evolve the platform.

We've used this feedback to improve the functionality and usability of the API surfaces associated with Manifest V3. For example, we have added support to declarativeNetRequest for multiple static rulesets, regular expressions within rules, declarative header modification, and more.

“We’ve been very pleased with the close collaboration established between Google’s Chrome Extensions Team and our own engineering team to ensure that ad-blocking extensions will still be available after Manifest V3 takes effect."

— Sofia Lindberg, Tech Lead, eyeo (Adblock Plus)

Even after Manifest V3 launches, expect more functionality and iteration as we continue to incorporate feedback and add new features to make V3 even more powerful for developers while preserving user privacy. If you are interested in contributing to the conversation, please comment and discuss on the chromium-extensions Google Group.

Manifest V3 is now available to experiment with on Chrome 88 Beta, with additional exciting features to follow in upcoming releases. The Chrome Web Store will start accepting Manifest V3 extensions January, shortly after Chrome 88 reaches stable. While there is not an exact date for removing support for Manifest V2 extensions, developers can expect the migration period to last at least a year from when Manifest V3 lands in the stable channel. We will continue to provide more details about this timeline in the coming months.

Posted by David Li - Product Manager, Chrome & Simeon Vincent - Developer Advocate, Chrome