Google is about to disable uBlock Origin and all other Manifest V2 extensions in Chrome

Google is weeks away from permanently disabling all Manifest V2 browser extensions in Chrome, a change that will kill uBlock Origin and limit what content blockers can do within the world’s most popular browser. Chrome 150, scheduled to reach the stable channel on June 30, will remove the ExtensionManifestV2Disabled flag, the last method that allowed users and business administrators to keep MV2 extensions running after Google started disabling them.

Chrome 151, expected about four weeks later, will remove the remaining MV2-related flags. Google engineer Devlin Cronin confirmed the timeline for the Chromium code review agreement that removes the flag infrastructure from the Chrome codebase. Once the flags are gone, there is no configuration, no enterprise policy override, and no hidden setting that will restore MV2 functionality.

Change has been coming for years. Google first announced the migration of Manifest V3 in 2019, arguing that the new framework will improve security, privacy, and performance. The main technology change is the replacement of the webRequest API, which allowed extensions to capture and modify network traffic in real time, with the declarativeNetRequest API, which requires extensions to submit predefined filtering rules.

That difference is not in education. uBlock Origin, the most used content blocker in Chrome with over 40 million users, relies on dynamic filtering to block ads, trackers, and malicious content over time. Its developer, Raymond Hill, said that the Manifest V3 version cannot replicate the full functionality of the original, and although a simpler version called uBlock Origin Lite exists in MV3, it supports only a small part of the filter list and cannot perform cosmetic filtering that makes the original work against modern advertising methods.

Google’s security controversy is not without merit. The webRequest API gives extensions deep access to every network request a browser makes, meaning a vulnerable or malicious extension can silently intercept passwords, redirect traffic, or inject code into any page a user visits. A recent incident in the Chrome Web Store shows a vulnerability: the popular “Save Image As Type” extension, which had hundreds of thousands of users, was hijacked by a group calling itself Karma and quietly modified to steal commissions from its e-commerce partners, a compromise that went unnoticed for months.

The declarativeNetRequest API is designed to prevent this class of attacks by limiting extensions to the predefined rule sets that Chrome uses natively, rather than giving extensions arbitrary access to network traffic. The trade off is that the rules are static. Extensions cannot adapt to new threats, new advertising strategies, or new tracker domains without pushing an update through the Chrome Web Store update process.

Critics argue that the security case is inseparable from Google’s business incentives. Google generated an estimated $239.5 billion in advertising revenue by 2025 and is expected to be overtaken by Meta as the world’s largest digital advertising company by 2026. Content blockers directly reduce the number of ads users see, and while Manifest V3’s restrictions don’t prevent ad blocking entirely, it eliminates a number of Block blocking rules and makes them ineffective. Origin works effectively against fast-changing ad delivery systems.

The US’s Cybersecurity and Infrastructure Security Agency, CISA, has recommended the use of ad blocking software as a defense against maladaptive, malicious software distribution through legitimate advertising networks. The 2024 CISA guidance document specifically cited ad blockers as a layer of protection against drive-by downloads and malicious redirects offered by targeted ad exchanges. The Manifest V3 migration will reduce the most effective tool in that category to the browser used by approximately 65% ​​of desktop Internet users worldwide.

Firefox, not built on Chromium and not under Google’s extension framework, continues to fully support Manifest V2 and uBlock Origin. Mozilla has implemented its Manifest V3 version but has maintained backward compatibility with the webRequest API, allowing content blockers to run unhindered. Brave, based on Chromium, has built its own ad blocking engine directly into the browser, bypassing the extension framework entirely.

The timing is remarkable: Google’s AI search overhaul, announced at I/O 2026, is already accelerating the decline in traffic for publishers that depend on search traffic. The simultaneous weakening of content blockers in Chrome means users will see more ads on the pages they visit, while Google’s AI-generated answers increasingly replace those pages entirely. The combined effect strengthens Google’s hold on both the discovery and monetization segments of the web.

For the estimated 40 million users of uBlock Origin on Chrome, the practical options are limited. They can switch to Firefox or Brave, both of which support full-strength content blocking. They can install uBlock Origin Lite and accept reduced functionality, or they can do nothing, in which case Chrome 150 will silently disable the extension and display a notification that it is no longer supported.

Google has framed the Manifest V3 transition as a necessary change for a platform that serves billions of users. The security concerns it implies are real, and the “Save Image As Type” hack is exactly the kind of incident that the more restrictive API framework is designed to prevent. But the question of whether the same company that sells ads should also control the tools available to block them is one that technical merit alone cannot answer.