Tag
manifest-v3
Safeguard articles tagged "manifest-v3" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Browser extensions are the softest target in your stack
A patched Grammarly bug let any website steal a user's documents; a 2025 flaw in Anthropic's Claude extension enabled silent prompt injection. Extensions keep failing the same three ways.
Jul 8, 20267 min read
Supply Chain Attacks
Chrome extension marketplace hijack: the acquired-and-weaponized pattern
Legitimate Chrome extensions keep getting acquired and turned malicious, and content_scripts give the new owner code execution inside every user's browser session. Here is why the pattern keeps working in 2026 and what defenders can do about it.
May 12, 20269 min read
Browser Security
Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security
Chrome's Manifest V3 restricts extension capabilities in the name of security. The changes help, but they do not solve the browser extension supply chain problem.
Mar 15, 20235 min read