←back to thread

"Begin disabling installed extensions still using Manifest V2 in Chrome stable"

(developer.chrome.com)
552 points freedomben | 1 comments | 11 Oct 24 14:20 UTC | HN request time: 0s | source
Show context
est ◴[11 Oct 24 14:36 UTC] No.41809848[source]
Can't we avoid the Manifest bullshit altogether?

I remember how IE plugins roles: just dll inject into the process.

replies(4): >>41809886 #>>41810032 #>>41814087 #>>41825057 #
emestifs ◴[11 Oct 24 14:40 UTC] No.41809886[source]
Inject dll's from the internet right into the browser. Yes, let's!
replies(1): >>41810215 #
yjftsjthsd-h ◴[11 Oct 24 15:14 UTC] No.41810215[source]
I'm not convinced that this is a good idea, but I don't think that's the reason; don't all your dlls come from the internet?
replies(2): >>41810341 #>>41816218 #
emestifs ◴[11 Oct 24 15:26 UTC] No.41810341{3}[source]
My comment was sarcasm.

The difference here is are you downloading a random dll from a well known source or from http://free-vpn-fast-internet.dwnloadfree.ru/free-chrome-vpn...? My mom isn't going to know the difference and will click the big green DOWNLOAD NOW button blindly.

replies(2): >>41810726 #>>41816205 #
1. est ◴[12 Oct 24 03:39 UTC] No.41816205{4}[source]
My heavily downvoted comment was also a sarcasm.

So here's the dilemma:

- People are afraid of plugins "in the wild". People need some kind of centralized, managed "extension store"

- People complains about store policy like Manifest V3

I don't think a single mechanism can please both crowds.

And what's worse? Google doesn't actually care about the security of the the "store". Scam extensions are everywhere. The "audit process" are minimal, customer/developer service are essentially none, and Google only enforce rules that affect their ads business.