alt Hacker NewsIt was more of a security related change. MV3 overall objectively is far better for browser security than MV2. MV2 was essentially giving extensions a full on free RCE pathway. MV3 is what it should’ve been from the start imo.
It was more of a security related change. MV3 overall objectively is far better for browser security than MV2. MV2 was essentially giving extensions a full on free RCE pathway. MV3 is what it should’ve been from the start imo.
MV3 still allows you to run content scripts, which can inject any javascript into any webpage. From there, you can do anything you want. You can steal passwords, tokens, show popups, redirect, ... etc. Preventing extensions from dynamically modifying network requests doesn't change that.