Google Manifest V3 and Malwarebytes Browser Guard

We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected. 

Some of our customers have recently reported seeing messages that say Browser Guard may soon no longer be supported in their browser. Luckily, there’s no need for you to worry: You’ll continue to get the same Browser Guard protection and experience, we’ve just had to make some adjustments in how we build the extension. 

Today, we brought out the new version of Browser Guard which addresses Google’s changes. If you want to read more of the technical details then you can do so below, or you can head straight over to the Chrome or Edge stores now to update. 

A similar change in Firefox is coming soon and we’ll let you know when it’s ready. 

What is Google changing? 

For those not familiar with the terms, Google’s Manifest V2 and V3 are the “rules” that browser extension developers are required to follow if they want their extensions to get accepted into the Chrome Web Extension Store.  

Google says Manifest V3 was brought in to improve the security, privacy, performance, and trustworthiness of the extension ecosystem, while still protecting existing functionality. 

The phasing out of Manifest V2 began at the end of May, and the Chrome Web Store no longer accepts Manifest V2 extensions, although browsers can still use them for the time being. 

How does Manifest V3 affect Browser Guard? 

One of the new changes that impacts Browser Guard and many other ad (and malicious content) blockers is that extensions will be limited in the number of rules they can include. That’s a problem because ad blockers historically rely on a large number of rules. 

Cybercriminals have the habit of setting up new domains by the dozen, and, generally speaking, each blocked domain or subdomain requires one rule. So if ad blockers want to keep up, they too have to continuously create new rules. 

Google has made some compromises after objections were raised when the company first announced Manifest V3, but there are still limitations which have an effect. 

How Malwarebytes has dealt with this 

The new limitations of Manifest V3 meant we had to develop a different way to block content for our users that use Chromium based browsers like Google Chrome and Microsoft Edge.  

The new Browser Guard uses a mix of static and dynamic rules to protect our users. 

Static rules are rules that are contained in the ruleset files which can be seen as block lists. These files are shipped with each version release. 

Dynamic rules are rules that can be added and removed at runtime. Chrome allows up to 30,000 dynamic rules. Browser Guard uses dynamic rules for two purposes: 

  • Session rules are dynamic rules that can be added and removed at runtime, but they are session-scoped and are cleared when the browser shuts down and when a new version of the browser is installed. 
  • Dynamic rules can be used to store allow lists, user blocked content, and general rules that block more than one domain. Take, for example, the IP address of a server that is known to host nothing but phishing sites. 

To deal with urgent situations we can use ruleset overrides, which are a mechanism by which we can override the static rules shipped with Browser Guard without requiring our users to add exclusions. 

Your version of Browser Guard will be automatically updated to the latest version, but if you want to get it now you can do so for Chrome or Edge

Thanks for continuing to choose Malwarebytes to protect you. 

https://blog.malwarebytes.com/feed/

Leave a Reply