Related papers: Developers Insight On Manifest v3 Privacy and Security Webextensions

Developers Insight On Manifest v3 Privacy and Security Webextensions

URL: http://arxiv.org/abs/2507.13926v1
Date: Fri, 18 Jul 2025 14:00:16 GMT
Title: Developers Insight On Manifest v3 Privacy and Security Webextensions
Authors: Libor Polčák, Giorgio Maone, Michael McMahon, Martin Bednář,
Abstract summary: Currently, Chrome transitions to a modified set of APIs called Manifest v3.<n>This paper studies the challenges and opportunities of Manifest v3 with an in-depth structured qualitative research.
Score: 0.0
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: Webextensions can improve web browser privacy, security, and user experience. The APIs offered by the browser to webextensions affect possible functionality. Currently, Chrome transitions to a modified set of APIs called Manifest v3. This paper studies the challenges and opportunities of Manifest v3 with an in-depth structured qualitative research. Even though some projects observed positive effects, a majority expresses concerns over limited benefits to users, removal of crucial APIs, or the need to find workarounds. Our findings indicate that the transition affects different types of webextensions differently; some can migrate without losing functionality, while other projects remove functionality or decline to update. The respondents identified several critical missing APIs, including reliable APIs to inject content scripts, APIs for storing confidential content, and others.

Related papers

Differentially Private Synthetic Data Release for Topics API Outputs [63.79476766779742]
We focus on one Privacy-Preserving Ads API: the Topics API, part of Google Chrome's Privacy Sandbox.<n>We generate a differentially-private dataset that closely matches the re-identification risk properties of the real Topics API data.<n>We hope this will enable external researchers to analyze the API in-depth and replicate prior and future work on a realistic large-scale dataset.
arXiv Detail & Related papers (2025-06-30T13:46:57Z)
Auditing Prompt Caching in Language Model APIs [77.02079451561718]
We investigate the privacy leakage caused by prompt caching in large language models (LLMs)<n>We detect global cache sharing across users in seven API providers, including OpenAI.<n>We find evidence that OpenAI's embedding model is a decoder-only Transformer, which was previously not publicly known.
arXiv Detail & Related papers (2025-02-11T18:58:04Z)
On the Differential Privacy and Interactivity of Privacy Sandbox Reports [78.85958224681858]
The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities.<n>We provide an abstract model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee.
arXiv Detail & Related papers (2024-12-22T08:22:57Z)
Beyond Browsing: API-Based Web Agents [58.39129004543844]
API-Based Agents outperform web Browsing Agents in experiments on WebArena.<n>Hybrid Agents out-perform both others nearly uniformly across tasks.<n>Results strongly suggest that when APIs are available, they present an attractive alternative to relying on web browsing alone.
arXiv Detail & Related papers (2024-10-21T19:46:06Z)
The Privacy-Utility Trade-off in the Topics API [0.34952465649465553]
We analyze the re-identification risks for individual Internet users and the utility provided to advertising companies by the Topics API. We provide theoretical results dependent only on the API parameters that can be readily applied to evaluate the privacy and utility implications of future API updates.
arXiv Detail & Related papers (2024-06-21T17:01:23Z)
Did I Vet You Before? Assessing the Chrome Web Store Vetting Process through Browser Extension Similarity [3.7980955101286322]
We characterize the prevalence of malware and other infringing extensions in the Chrome Web Store (CWS), the largest distribution platform for this type of software. Our study reveals significant gaps in the CWS vetting process, as 86% of infringing extensions are extremely similar to previously vetted items. Our study also reveals that only 1% of malware extensions flagged by the CWS are detected as malicious by anti-malware engines.
arXiv Detail & Related papers (2024-06-01T09:17:01Z)
Manifest V3 Unveiled: Navigating the New Era of Browser Extensions [53.288368877654705]
In 2020, Google announced a shift in extension development with Manifest Version 3 (V3), aiming to replace the previous Version 2 (V2) by January 2023. This paper presents a comprehensive analysis of the Manifest V3 ecosystem.
arXiv Detail & Related papers (2024-04-12T08:09:26Z)
UA-Radar: Exploring the Impact of User Agents on the Web [3.8373578956681547]
In the early days of the web, giving the same web page to different browsers could provide very different results. User Agent (UA) string was introduced for content negotiation. Over the past three decades, the UA string remained exposed by browsers.
arXiv Detail & Related papers (2023-11-17T09:53:32Z)
Finding Vulnerabilities in Mobile Application APIs: A Modular Programmatic Approach [0.0]
Application Programming Interfaces (APIs) are becoming increasingly popular to transfer data in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are potentially exploitable due to developer mis implementation. This paper created a custom, modular endpoint vulnerability detection tool to analyze information leakage in various mobile Android applications.
arXiv Detail & Related papers (2023-10-22T00:08:51Z)
Simple Transparent Adversarial Examples [65.65977217108659]
We introduce secret embedding and transparent adversarial examples as a simpler way to evaluate robustness. As a result, they pose a serious threat where APIs are used for high-stakes applications.
arXiv Detail & Related papers (2021-05-20T11:54:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.