Google is weeks away from permanently disabling every Manifest V2 browser extension in Chrome, a change that will kill uBlock Origin and fundamentally limit what content blockers can do inside the world's most popular browser. Chrome 150, scheduled to reach the stable channel on June 30, will remove the ExtensionManifestV2Disabled flag, the last mechanism that allowed users and enterprise administrators to keep MV2 extensions running after Google began phasing them out.

Chrome 151, expected approximately four weeks later, will strip the remaining MV2-related flags entirely. Google engineer Devlin Cronin confirmed the timeline in a Chromium code review commit that removes the flag infrastructure from Chrome's codebase. Once the flags are gone, there is no workaround, no enterprise policy override, and no hidden setting that will restore MV2 functionality.

The change has been coming for years. Google first announced the Manifest V3 migration in 2019, arguing that the new extension framework would improve security, privacy, and performance. The core technical change is the replacement of the webRequest API, which allowed extensions to intercept and modify network traffic in real time, with the declarativeNetRequest API, which requires extensions to submit static filtering rules in advance.

That distinction is not academic. uBlock Origin, the most widely used content blocker on Chrome with more than 40 million users, relies on dynamic filtering to block ads, trackers, and malicious content on the fly. Its developer, Raymond Hill, has said that a Manifest V3 version cannot replicate the full functionality of the original, and while a lighter version called uBlock Origin Lite exists for MV3, it supports only a fraction of the filter lists and cannot perform the cosmetic filtering that makes the original effective against modern advertising techniques.

Google's security argument is not without merit. The webRequest API gives extensions deep access to every network request a browser makes, which means a compromised or malicious extension can silently intercept passwords, redirect traffic, or inject code into any page a user visits. A recent case in the Chrome Web Store illustrates the risk: the popular “Save Image As Type” extension, which had hundreds of thousands of users, was hijacked by a group calling itself Karma and silently modified to steal affiliate commissions from e-commerce transactions, a compromise that went undetected for months.

The declarativeNetRequest API is designed to prevent this class of attack by restricting extensions to predefined rule sets that Chrome enforces natively, rather than giving extensions arbitrary access to network traffic. The trade-off is that the rules are static. Extensions cannot adapt to new threats, new advertising techniques, or new tracker domains without pushing an update through the Chrome Web Store review process.

Critics argue that the security case is inseparable from Google's business incentives. Google generated an estimated $239.5 billion in advertising revenue in 2025 and is projected to be overtaken by Meta as the world's largest digital advertising company in 2026. Content blockers directly reduce the number of ads users see, and while the Manifest V3 restrictions do not ban ad blocking entirely, they cap the number of filtering rules an extension can apply and eliminate the dynamic blocking that makes tools like uBlock Origin effective against rapidly evolving ad-delivery systems.

The US Cybersecurity and Infrastructure Security Agency, CISA, has recommended the use of ad-blocking software as a defence against malvertising, the practice of distributing malware through legitimate advertising networks. A 2024 CISA guidance document specifically cited ad blockers as a layer of protection against drive-by downloads and malicious redirects served through programmatic ad exchanges. The Manifest V3 migration will weaken the most effective tool in that category on the browser used by roughly 65% of desktop internet users worldwide.

Firefox, which is not built on Chromium and is not subject to Google's extension framework, continues to support Manifest V2 and uBlock Origin in full. Mozilla has implemented its own version of Manifest V3 but has maintained backward compatibility with the webRequest API, allowing content blockers to function without restriction. Brave, which is Chromium-based, has built its own ad-blocking engine directly into the browser, bypassing the extension framework entirely.

The timing is notable: Google's AI search overhaul, announced at I/O 2026, is already accelerating a traffic collapse for publishers who depend on search referrals. The simultaneous weakening of content blockers in Chrome means users will see more ads on the pages they do visit, while Google's own AI-generated answers increasingly replace those pages altogether. The combined effect tightens Google's grip on both the discovery and monetisation layers of the web.

For the estimated 40 million uBlock Origin users on Chrome, the practical options are limited. They can switch to Firefox or Brave, both of which support full-capability content blocking. They can install uBlock Origin Lite and accept reduced functionality, or they can do nothing, in which case Chrome 150 will silently disable the extension and display a notification that it is no longer supported.

Google has framed the Manifest V3 transition as a necessary modernisation of a platform that serves billions of users. The security concerns it cites are real, and the “Save Image As Type” hijacking is exactly the kind of incident that a more restrictive API framework is designed to prevent. But the question of whether the same company that sells the ads should also control the tools available to block them is one that the technical merits alone do not answer.