And what in MV3 solved all of that? It still allows enough to do a lot of damage.
Regardless of that, at some point you have to trust software. You can't expect everyone to read every line of code and compile all the software by themselves.
Yes, I trust plenty of software and I'm not suggesting that extensions are bad in theory. Extensions being able to silently inject code, and ownership being able to change at any time, is a pretty bad security model. We can agree that there are _bad_ security models, right?
It's the sum of the parts in changes from manifest V2:
- no arbitrary code injection via executeScript, must be a file now
- no more remote code
- no more arbitrarily getting selected text or highlighted text on a tab
- declarativeNetRequest instead of intercepting requests
- explicit listeners on the page to help detect bad actors (vs just arbitrary JS running on the page)
Even ignoring ad blocking - with those rules, stuff like Tampermonkey, which is totally legit, can no longer work with execute script. You also lost a lot of functionality by losing DOM, having to rely on the broken lifetime of a Service Worker instead of a persistent background page.
It took Google three to four years to acknowledge that the community is completely correct with its criticisms, and that MV3 is garbage designed by people who have no knowledge of how people write extensions and which abilities they actually use.
They're finally adding features that should have been there years ago. The new scripting API which brings back arbitrary scripts, in a new form, the offscreen documents API, and hopefully they'll eventually implement limited event pages which are somewhat solving the background page lifetime and DOM issues (which are already implemented by Mozilla and Safari, I believe). Obviously, everything was decided hastily at the last second, so all of the features are supposed to be completed by "around" October 2022, just two months before the original MV2 cutoff.
I've also read some of the extension working group transcripts; it's pretty sad how Google/Chrome has no accountability and almost zero transparency.