Google has recently come under fire for a new change to the way the Web Request API works in Chrome. This API is used by many extensions, and the changes could affect the ability of ad blockers to function properly.
Google is charging ahead despite the controversy, however, and took to its security blog to explain why it thinks the changes are necessary for the protection of users, and to also quell concerns about the change potentially neutering ad blockers in Chrome.
The company explains that the explosive growth in the popularity of extensions has resulted in the Chrome team having to take drastic measures to reduce their abuse by nefarious actors. This comprised of not only various changes to how extensions are reviewed, but Google has also increased the number of reviewers by 400% in the last year, alongside a 300% increase in the size of the teams that work on extension abuse.
This has already resulted in the rate of malicious extension installations going down by 89% since 2018, but Google feels it needs to do more. Its solution has been to change how APIs relating to extensions work. Previously, extensions such as ad blockers would be able to request all information about a network request - which would include possibly sensitive information - from the browser in order to perform their specific functions.
With the change, Google will be replacing the Web Request API with the Declarative Net Request API, which allows extension makers to have granular control over exactly the information they need from the browser, without receiving information that is sensitive or otherwise irrelevant to their function. The blog uses the following simple schematic to explain the difference:
Google concludes the post by admitting the change has been controversial, especially with regard to ad blockers, but reiterates that the change would not necessarily neuter ad blockers. Developers would simply need to change how their extensions work using the new API in order to provide the same functionality.
Other Chromium-based browsers like Opera and Vivaldi have declared that they will continue to support the old API for extensions, despite Google's changes. For Chrome users, the only exception to the new rules, once they're implemented, would be to switch to the enterprise version of Chrome, which will continue to support the old API.