Google has introduced a major change in how Chrome extensions access the User Scripts API, which allows extensions to inject custom JavaScript into web pages. Starting with
Chrome version 138, users must manually enable a new “Allow User Scripts” toggle for each extension that uses the chrome.userScripts API. This toggle will be found on the extension's details page and replaces the previous requirement of enabling Developer Mode.
The change addresses security concerns that arose when enabling Developer Mode granted all extensions with the userScripts permission unrestricted access. By requiring individual toggles, Google aims to give users more control and reduce potential risks. A one-time migration will automatically activate the toggle for existing extensions if Developer Mode is already enabled, but all new installations will have the setting disabled by default. The move comes as malicious actors continue to exploit extension permissions, with recent findings of fake Chrome extensions used for spying and data theft.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
