{“lastseen”:”2026-02-02T20:05:11″,”description”:”As a Browser Guard user, you might not have noticed much difference lately. Browser Guard still blocks scams and phishing attempts just like always, and, in many cases, even better.\\n\\nBut behind the scenes, almost everything changed. The rules that govern how browser extensions work went through a major overhaul, and we had to completely rebuild how Browser Guard protects you.\\n\\n## First, what is Manifest v3 (and v2)? \\n\\nBrowser extensions include a configuration file called a \\”manifest\\”. Think of it as an instruction manual that tells your browser what an extension can do and how it\u2019s allowed to do it.\\n\\n**Manifest v3** is the latest version of that system, and it’s now the only option allowed in major browsers like Chrome and Edge.\\n\\nIn **Manifest v2** , Browser Guard could use highly customized logic to analyze and block suspicious activity _as it happened_ , protecting you as you browsed the web.\\n\\nWith **Manifest v3,** that flexibility is mostly gone. Extensions can no longer run deeply complex, custom logic in the same way. Instead, we can only pass static rule lists to the browser, called Declarative Net Request (DNR) rules.\\n\\nBut those DNR rules come with strict constraints.\\n\\nRule sets are size-limited by the browser to save space. Because rules are stored as raw JSON files, developers can\u2019t use other data types to make them smaller. And updating those DNR rules can only be done by updating the extension entirely.\\n\\nThis is less of a problem on Chrome, which allows developers to push updates quickly, but other browsers don\u2019t currently support this fast-track process. Dynamic rule updates exist, but they\u2019re limited, and nowhere near large enough to hold the full set of rules.\\n\\nIn short, we couldn\u2019t simply port Browser Guard from Manifest v2 to v3. The old approach wouldn\u2019t keep our users protected.\\n\\n## A note about Firefox and Brave \\n\\nFirefox and Brave chose a different path and continue to support the more flexible Manifest v2 method of blocking requests.\\n\\nHowever, since Brave doesn’t have its own extension store, users can only install extensions they already had before Google removed Manifest v2 extensions from the Chrome Web Store. Though Brave also has strong out-of-the-box ad protection.\\n\\nFor Browser Guard users on Firefox, rest assured the same great blocking techniques will continue to work.\\n\\n## How Browser Guard still protects you \\n\\nGiven all of this, we had to get creative.\\n\\nMany ad blockers already support pattern-based matching to stop ads and trackers. We asked a different question: what if we could use similar techniques to catch scam and phishing attempts before we know the specific URL is malicious?\\n\\nBetter yet, what if we did it without relying on the new DNR APIs?\\n\\nSo, we built a new pattern-matching system focused specifically on scam and phishing behavior, supporting:\\n\\n * Full regex-based URL matching\\n * Full XPath and querySelector support\\n * Matching against any content on the page\\n * Favicon spoof detection\\n\\n\\n\\nFor example, if a site is hosted on Amazon S3, contains a password-input field, and uses a homoglyph in the URL to trick users into thinking they were logging into Facebook, Browser Guard can detect that combination\u2014even if we\u2019ve never seen the URL before.\\n\\n\\n\\n## Why this matters more now \\n\\nWith AI, attackers can create near-perfect duplicates of websites easier than ever. And did you spot the homoglyph in the URL? Nope, neither did I! \\n\\nThat\u2019s why we designed this system so we can update its rules every 30 minutes, instead of waiting for full extension updates. \\n\\n## But I still see static blocking rules in Browser Guard \\n\\nThat\u2019s true\u2014for now. \\n\\nWe’ve found a temporary workaround that lets us support all the rules that we had before. However, we had to remove some of the more advanced logic that used to sit on top of them.\\n\\nFor example, we can\u2019t use these large datasets to block subframe requests, only main frame requests. Nor can we stack multiple logic layers together; blocking is limited to simple matches (regex, domains and URLs).\\n\\nThose limits are a big reason we\u2019re investing more heavily in pattern-based and heuristic protection. \\n\\n## Pure heuristics \\n\\nFrom day one, Browser Guard has used heuristics (behavior) to detect scams and phishing, monitoring behavior on the page to match suspicious activity.\\n\\nFor example, some scam pages deliberately break your browser\u2019s back button by abusing `window.replaceState`, then trick you into calling that scammer\u2019s \u201ccomputer helpline.\u201d Others try to convince you to run malicious commands on your computer.\\n\\nBrowser Guard can detect these behaviors and warn you before you fall for them. \\n\\n## What\u2019s next? \\n\\nDid someone say AI? \\n\\nYou\u2019ve probably seen Scam Guard in other Malwarebytes products. We\u2019re currently working on a version tailored specifically for Browser Guard. More soon!\\n\\n## Final thoughts \\n\\nWhile Manifest v3 introduced meaningful improvements to browser security, it also created real challenges for security tools like Browser Guard.\\n\\nRather than scaling back, the Browser Guard team rebuilt our approach from the ground up, focusing on behavior, patterns, and faster response times. The result is protection that\u2019s different under the hood, but just as committed to keeping you safe online.\\n\\n* * *\\n\\n**We don ‘t just report on scams\u2014we help detect them**\\n\\nCybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we\u2019ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!”,”published”:”2026-02-02T18:11:11″,”modified”:”2026-02-02T18:11:11″,”type”:”malwarebytes”,”title”:”How\u00a0Manifest v3\u00a0forced us to rethink\u00a0Browser Guard, and why\u00a0that\u2019s\u00a0a good thing”,”source”:””,”references”:””,”id”:”MALWAREBYTES:CBE621E9C5ED6865E0F7D50BB2DB2BD8″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/inside-malwarebytes\/2026\/02\/how-manifest-v3-forced-us-to-rethink-browser-guard-and-why-thats-a-good-thing”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-02T20:05:11″,”description”:”As a Browser Guard user, you might not have noticed much difference lately. Browser Guard still blocks scams and phishing attempts just like always, and,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-38590","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n