Google is days away from permanently removing the last technical mechanism keeping uBlock Origin alive in Chrome — an irreversible change that will strip effective ad and tracker blocking from the world's most widely used browser and expose tens of millions of users to the malware-delivery threat that US federal security officials have specifically recommended ad blockers to guard against.
Chrome 150, scheduled for the stable channel on June 30, will delete the ExtensionManifestV2Disabled flag from its codebase entirely. Google engineer Devlin Cronin confirmed the removal in a Chromium code review commit. A follow-on release, Chrome 151, expected approximately four weeks later, will strip all remaining Manifest V2-related flags and registry overrides. Once those changes land, there is no supported workaround, no enterprise policy override, and no hidden setting that restores MV2 functionality. "MV2 extensions are no longer allowed in any supported version of Chrome," Cronin stated, "and we are removing support for them and the associated functionality. We won't be able to provide or maintain this functionality indefinitely due to the complexity and tech debt, as well as the security risks it entails."
For the tens of millions of users who have run uBlock Origin in Chrome, the extension will stop functioning the moment Chrome 150 installs.
June 30: What Chrome 150 Actually Removes
The ExtensionManifestV2Disabled flag has served as a last-resort lifeline for technically sophisticated users and enterprise IT departments who kept MV2 extensions running after Google completed its main phase-out in mid-2025. Chrome 138, released July 24, 2025, permanently disabled MV2 for all standard Chrome users and removed the in-browser settings toggle. Chrome 139 then eliminated the enterprise override policy. What remained was this single flag — a residual hook in Chrome's codebase allowing controlled re-enablement for those who knew to use it. Chrome 150 removes it from the code entirely. Chrome 151 will close the remaining DevTools workaround as well.
The scale of the change is substantial. Chrome commands roughly 65 percent of the global browser market, making this the most consequential shift in browser extension architecture since the Chrome Web Store launched in 2010. Microsoft Edge, which is also built on the Chromium codebase, is following the same deprecation timeline.
Static Rules vs. Dynamic Blocking: How the API Change Limits Your Protection
At the heart of the Manifest V3 transition is a fundamental architectural shift in how browser extensions interact with Chrome's network layer — and understanding it is the only way to evaluate whether MV3 alternatives genuinely replace what is being lost.
Under Manifest V2, Chrome's webRequest API allowed extensions to intercept every network request in real time, before it reached its destination. Extension JavaScript evaluated each request on the fly and could dynamically block, redirect, or modify it based on any logic the developer chose — including logic that updated instantly in response to new tracker domains or emerging advertising techniques. This architecture enabled uBlock Origin's cosmetic filtering, its custom filter lists, and its element picker: the extension could apply tens of thousands of adaptive rules simultaneously, inspect page elements after they loaded, and respond to new threats without waiting for an approved update through the Chrome Web Store.
Manifest V3 replaces that dynamic interception with the declarativeNetRequest API, which requires extensions to submit pre-compiled JSON rule sets that Chrome evaluates natively inside its own network stack. The current rule limits are 330,000 static rules and 30,000 dynamic rules. Extensions cannot run arbitrary JavaScript against each request; they can only declare rule sets in advance and let Chrome enforce them.
There are genuine security benefits to this model. Because extensions can no longer execute arbitrary code against every network request, a compromised extension cannot silently intercept passwords, redirect traffic, or inject code into visited pages. A recent case illustrates exactly the risk the old model carried: the "Save Image As Type" extension — which had hundreds of thousands of Chrome users — was hijacked by a group calling itself Karma and modified to steal affiliate commissions from e-commerce transactions. The compromise went undetected for months because the extension's access to network traffic made the modification invisible to casual inspection.
But the security gain comes at a measurable cost. Raymond Hill, the developer of uBlock Origin, has stated plainly: "There is no Manifest v3 version of uBO." The extension's lighter replacement, uBlock Origin Lite, operates within MV3's constraints but supports only a fraction of the original's filter lists and cannot perform cosmetic filtering — the technique that hides ad-related page elements by CSS selector after a page loads. Cosmetic filtering is what blocks modern advertising systems that switch to new domains faster than a static rule set can be reviewed and updated. Under MV3, that cat-and-mouse race is no longer playable.
There is also a structural asymmetry in Google's stated privacy rationale. Manifest V3 removed the blocking version of webRequest, but the non-blocking observational version remains in the platform. Extensions can still receive notifications about every network request a browser makes; they simply can no longer stop those requests dynamically. The privacy improvement Google cited as justification for weakening ad blockers is therefore partial: extensions retain full visibility into outgoing traffic while losing the ability to act on it in real time — a distinction Ghostery's engineering team documented in a 2019 technical analysis of the API change.
Google Built Advertising on the Web It Is Now Making Harder to Block
Critics of the transition have argued from the beginning that the security rationale is inseparable from Google's financial interest. The Electronic Frontier Foundation called Manifest V3 "another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks," and its technologists noted that Google has trackers installed on 75 percent of the top one million websites. Jonathan Mayer, a Princeton University professor and former FCC chief technologist, described Chrome as a browser that "lacks meaningful privacy protections by default" and whose changes "are all directly attributable to Google's surveillance business model."
The timing compounds the concern. Google's AI search overhaul, announced at its I/O 2026 developer conference, is already accelerating a collapse in search referral traffic for publishers who depend on it. The simultaneous weakening of content blockers in Chrome means users will encounter more advertising on the pages they do visit, while Google's AI-generated answers increasingly substitute for those pages entirely. The combined effect consolidates Google's position over both how users discover content and how that content is monetized.
That conflict plays out against an active legal backdrop. A federal judge found in September 2025 that Google had illegally maintained a monopoly in the search market. The US Department of Justice and 38 states have since filed a cross-appeal seeking stronger remedies, including structural separation of Google's Chrome browser. Separately, a ruling in April 2025 found Google had illegally monopolized two advertising technology markets. The European Union fined Google €2.95 billion in January 2026 for its ad-tech practices. The company weakening the most effective ad-blocking tool available to Chrome users is doing so while under active judicial findings of monopolistic conduct in the very advertising markets that tool affects.
What Security Experts Say About Losing Dynamic Filtering
The weakening of ad blockers in Chrome does not merely inconvenience privacy-conscious users. It reduces the effectiveness of a documented security layer.
A capacity enhancement guide published by the US Cybersecurity and Infrastructure Security Agency specifically recommends that organizations evaluate ad-blocking software as a defense against malvertising — the delivery of malware through legitimate advertising networks. The CISA guide states that ad blocking "reduces risk of malicious advertisements or redirects to malicious or phishing sites" and identifies malvertising as a threat that "can compromise a network even if you do not click on an ad." The National Security Agency made a parallel recommendation in 2018. CISA also notes, in the same guide, that ad-blocking browser extensions carry their own security risks because they "operate with high levels of privilege and have access to all data traffic" — the same tradeoff at the heart of the MV3 debate.
Read more: Study: Millions of Google Chrome Web Store Users at Risk of Running Extensions Infected with Malware
Malvertising does not require a user to click on an infected ad. It exploits vulnerabilities in browsers and plugins to execute malicious code the moment a page loads. Research published in the Proceedings on Privacy Enhancing Technologies in 2026 found no statistically significant reduction in overall network-level ad-blocking effectiveness between MV3 and MV2 versions of popular blockers tested under controlled conditions. But the study measured network-layer blocking, not cosmetic filtering — and it predates the final removal of the last MV2 overrides now occurring in Chrome 150 and 151. For the 59 percent of ad-blocker users who report using them specifically to stop malware, and the 54 percent who use them for privacy protection, the MV3 transition represents a real and only partially studied change in their defensive capability.
Firefox and Brave Keep Full Support: What Chrome Users Must Do Now
Two major browsers offer a path to retaining full-capability ad blocking.
Mozilla's Firefox continues to support both Manifest V2 and full uBlock Origin in its original form. Mozilla has implemented its own version of Manifest V3 but retained backward compatibility with the blocking webRequest API — a deliberate decision to preserve user-controlled content filtering. Brave, which is Chromium-based, bypasses the extension framework entirely by building its ad-blocking engine directly into the browser at the system level, making it immune to changes in Chrome's extension API.
Opera, which is also Chromium-based, publicly stated in September 2025 that it is "actively working" to maintain MV2 support for as long as technically reasonable. Technical analysis of Chromium codebase changes suggests that pressure may eventually make that position untenable, but Opera's current public commitment distinguishes it from Chrome and Edge on this question.
For users who stay on Chrome, uBlock Origin Lite — the MV3-native version maintained by Raymond Hill — blocks a significant portion of network-level ads and trackers within the rule-cap constraints. It does not support cosmetic filtering, custom filter lists of full size, or real-time adaptive blocking. DNS-level filtering tools such as NextDNS or Pi-hole operate outside the browser framework entirely and are unaffected by changes to Chrome's extension API. Enterprise IT teams should audit extension inventories and identify any MV2 dependencies before the June 30 deadline.
Are MV3-Based Ad Blockers Enough to Replace uBlock Origin?
The honest answer depends on what a user needs from their ad blocker.
For users whose primary goal is blocking common ad networks on mainstream websites, MV3 alternatives — including uBlock Origin Lite, AdGuard for Chrome, and Ghostery — handle most of that blocking most of the time. AdGuard completed a full MV3 migration using an automated build pipeline to update its static filter sets continuously, which partially addresses the problem of static rule sets falling behind fast-moving tracker networks.
For users who rely on uBlock Origin's dynamic element picker, custom filter lists, advanced per-site scripting controls, or cosmetic filtering to handle modern advertising infrastructure that adapts faster than a store review can catch up — no MV3 extension in Chrome today replicates that capability. The gap is not a temporary engineering deficit waiting to be closed. It is a structural consequence of replacing a dynamic runtime with a static declaration model, and it is operating exactly as Google designed it.
The EFF's assessment from 2021 has not been superseded: a company that sells the ads should not also exclusively control the tools available to block them. After six years of delays, exceptions, and enterprise carve-outs, Chrome 150 lands that control permanently on Google's side of the ledger.
Frequently Asked Questions
Why is uBlock Origin being disabled in Chrome?
Google's Manifest V3 framework, which all Chrome extensions must now comply with, replaces the dynamic webRequest API that uBlock Origin depends on for real-time content blocking. The full uBlock Origin extension is built on Manifest V2, which Chrome permanently disabled for standard users in July 2025. Chrome 150, scheduled for June 30, 2026, removes the last remaining flag that allowed limited technical workarounds to keep MV2 extensions running.
Does uBlock Origin still work on Chrome in 2026?
As of June 15, 2026, the full uBlock Origin (v1.71.0, MV2) remains listed on the Chrome Web Store but is disabled for most users after the July 2025 phase-out. It will stop functioning entirely once Chrome 150 installs on June 30. A separate extension, uBlock Origin Lite, works within Manifest V3 constraints but provides reduced capability — no cosmetic filtering, no full-size custom filter lists, and no real-time adaptive blocking.
What is the best uBlock Origin alternative for Chrome after June 30?
For users staying on Chrome, uBlock Origin Lite is the closest available replacement within MV3's constraints. AdGuard for Chrome and Ghostery are also fully MV3-compatible. For users who want full-capability ad blocking without the limitations Manifest V3 imposes, switching to Firefox or Brave is the only complete solution — both browsers support the original uBlock Origin without restrictions.
Is Manifest V3 bad for privacy?
The answer depends on which privacy risk matters most. Manifest V3's removal of the blocking webRequest API reduces the surface area that a compromised extension can exploit — a genuine security improvement. But the non-blocking observational webRequest, which lets extensions monitor every outgoing request, was retained in MV3. Extensions can still see all network traffic; they simply can no longer stop it dynamically. Whether the resulting reduction in ad-blocking capability increases net privacy exposure by allowing more tracking-based advertising — a question the EFF, independent researchers, and CISA have each addressed in their own way — depends on which threat a user is most concerned about.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
