Comment by whatshisface
Comment by whatshisface a day ago
>But I don't know how to make an adblocker, so I decided to report the issue to Google in August 2023. It was patched in Chrome 118 by checking whether extensions using opt_webViewInstanceId actually had WebView permissions. For the report, I netted a massive reward of $0. They decided it wasn't a security issue, and honestly, I agree, because it didn't give extensions access to data they didn't already have.
The effort to overcome the community's chance at discovering the workaround?
It was never going to last long enough anyways, being sure to get patched as soon as any adblocker uses it.
It's however still interesting in the sense that it might be fairly trivial to change, so chances are the next adblockers are going to ship executable that wrap chrome, modifying something like that at launch, allowing their extension to make use of it.
Obviously Google is going to hate it when random popular extensions start nagging users to download and install "companion" software in order to work, since that will train users to not think twice about these things and bypasses legitimate security efforts.
But Google made their own bed - and that of their users. Now they all get to lie in it together.