Blog

In November 2018, Google Announced the Introduction of Manifest V3. Google's announcement marked a significant shift for extension developers and users alike. With Google starting to phase out extensions still running on Manifest V2, Mailvelope, like many other extensions, is adapting to this change with its new version 6.0, which began rolling out on November 8th for Chrome users.

What is Google Manifest V3?

Manifest V3 serves as the latest framework for browser extensions, providing a more secure and resource-efficient approach to managing permissions, functionality, and operations. It replaces the traditional background scripts, which ran continuously in the background of the browser, with service workers—event-driven processes that operate only when required. This shift reduces long-running tasks, improving browser performance by ensuring extensions do not disrupt the main browsing experience.

Another significant feature of Manifest V3 is the implementation of stricter permission controls and the prohibition of remote code execution. Mailvelope’s browser extension has adhered to these principles from the outset, ensuring that even in the event of an API compromise, the extension operates as an independent security layer, safeguarding user confidentiality.

For Mailvelope, these updates align closely with its already established focus on security. However, adopting Manifest V3 required substantial architectural changes. One of the biggest challenges was transitioning to the service worker model. Previously, runtime memory was managed for various application contexts, such as login, encryption, and key management, using background scripts. Each context was isolated to maintain security and prevent unauthorized access. With service workers, which can pause or terminate at any time, this memory structure had to be reimagined.

We are pleased that with version 6.0, we have successfully addressed these technical challenges, ensuring Mailvelope operates seamlessly even under the more restrictive policies of the hosting browser.

Impact on Mailvelope Users

Thanks to the extensive work done behind the scenes to adapt to Manifest V3’s constraints without disrupting the user experience, the transition for Mailvelope users will be seamless. The extension’s functionality stays the same, providing the same features in a framework designed for greater efficiency and security.

Users will also benefit indirectly from Manifest V3’s strengthened policies. Improvements in resource management under Manifest V3 will lead to better overall performance, particularly for those who rely on multiple browser extensions running at the same time in their browsers.

What About Firefox and Edge?

Mailvelope for Firefox will continue to use Manifest V2 in the medium term, as Firefox supports both Manifest V2 and V3. We are actively evaluating the possibility of transitioning to Manifest V3 for Firefox in the future.

While remaining on Manifest V2, updates for Firefox will follow a separate versioning scheme (v5.x.x) to clearly differentiate between the Firefox and Chrome versions of Mailvelope.

A Manifest V3-compliant version for Edge will be released soon, ensuring that Edge users benefit from the same security and performance enhancements introduced with this update.

What Else Changed in Mailvelope V6.0?

We also implemented some smaller updates in Mailvelope V6.0:

• Improved detection of attachments within MIME messages: Ensures detection of sent attachments even in complex email structures.
• Enhanced compatibility with multipart/signed messages containing S/MIME signatures: For improved compatibility with a wide range of email clients.
• Improved Key Expiry Date Picker: The datepicker for setting key expiry dates during key generation got an update, ensuring better UI consistency.
• Enhanced Domain Authorization: We’ve introduced automatic port detection, simplifying the setup process and making it more user-friendly.

For a comprehensive list of all changes and fixes, visit the Mailvelope v6.0 GitHub release notes.