RC RANDOM CHAOS

Your browser obeys someone else

Chrome disabling uBlock Origin was not a vendor choice to escape but a structure to see: software resolved by reference, executed without revalidating trust.

Over the past year, Google Chrome disabled uBlock Origin on the machines where it was installed and functioning. The extension had not changed. It was current, signed, and distributed through the official Chrome Web Store. No malicious code was found in it. No compromise occurred. The browser updated itself through its own channel, evaluated the extension against a new platform definition, and turned it off. The owners of those machines performed no action. Software they had selected, installed, and relied on for years stopped running.

Nothing failed in the technical sense. The browser executed exactly the sequence it was built to execute. It received an update, applied it, checked the manifest version each installed extension declared, compared that against the versions the platform now accepted, and removed the capability of those that no longer qualified. Every component behaved according to specification. The content filtering that hundreds of millions of users depended on ended anyway, simultaneously, without a single one of them touching a setting.

The public response processed this as a vendor decision and answered it with a consumer decision. Search interest in Firefox, Mullvad Browser, the DuckDuckGo browser, and Zen spiked. Forum threads framed the question as which replacement to install. The event was filed under choice: Google chose to do this, so users choose to leave. That framing describes the moment accurately and the system not at all.

It did not start this way. A browser was originally a local artifact. A program was installed once, onto a machine, and its configuration persisted until the owner of that machine changed it. The trust model underneath was simple and went unstated because it seemed structural rather than chosen: trust decisions are made at the moment of installation and remain valid afterward. Installing an extension was a grant of capability from the machine’s owner to a piece of software, and the grant was durable. The environment in which the grant was made was assumed to be the environment in which it would be exercised.

The model assumed two specific properties of trust: persistence and transferability. Persistence meant that a capability present today would be present tomorrow unless the owner removed it. Transferability meant that trust extended to version N carried forward to version N+1, because the update channel was understood to deliver continuity. Updates were maintenance. They repaired the thing that existed; they did not redefine what the thing was. Under this model, the name Chrome referred to a stable object, and the name uBlock Origin referred to a stable object, and the relationship between them, once established, simply held.

The model also assumed that the platform and the things running on it were separable concerns. The execution environment validated the extension: its signature, its source, its identity. Nothing validated the environment itself, because the design assumed there was nothing to validate. The terms under which an extension was admitted were treated as fixed. The trust grant was anchored to the moment of installation and never revisited, not through oversight, but because the architecture contained no concept of the terms changing underneath a grant that had already been made.

What changed was not the extension, not the users, and not any attacker capability. What changed was the validity of the assumption of a stable execution environment. Over time, the browser stopped being a local artifact and became the endpoint of a continuous distribution system. The binary on disk is now a cache of the current state of a remote channel. The name Chrome no longer resolves to a stable object. It resolves to whatever the channel delivers this week. The machine holds a reference, and the reference is evaluated externally, on a schedule the machine’s owner does not set and is not party to.

The same shift dissolved the extension layer. An installed extension is no longer a file the owner possesses. It is a standing subscription to whatever the store currently resolves that identifier to, under whatever platform rules currently exist. When the platform definition moved from Manifest V2 to Manifest V3, the system did not re-evaluate the original trust grant against the new terms. It could not. The grant was recorded once, at installation, against an environment that no longer exists. The system inherited that trust forward through every subsequent update and applied it, unchanged, to a platform the owner never saw and never accepted. The trust persisted. The thing it was attached to did not.

This is where the incident stops being about one vendor and one extension. The debate over which browser to switch to treats the failure as a property of Google, something that resides in a company and can be escaped by changing companies. But every candidate replacement is delivered through the same structure: an auto-updating channel that resolves a name to externally determined state, on the provider’s schedule, under the provider’s evolving terms. The assumption that installed software is owned, that local state is locally controlled, no longer holds anywhere in consumer software distribution. That assumption did not break in 2025. It had been invalid for years. Chrome disabling uBlock Origin was simply the moment the gap between the assumed model and the operating model became observable to the people standing inside it.

The mechanism is visible in the sequence the browser performed and in what each step actually checked. The update arrived through the official channel carrying a valid signature, so it was applied. The extension record named an identifier, and the identifier matched the store’s current entry, so the record was honored. The new platform definition listed which manifest versions remained admissible, the extension’s declared version was not among them, and the capability was removed. At every step the system validated something. At no step did it validate the thing the owner cared about. Each check confirmed identity of source. No check confirmed integrity of meaning, whether the state being applied was still the state that had been agreed to. The signature check passed because the update was authentic, and authenticity was the only property the system was built to enforce. The owner’s original grant was never an input to any check the system ran.

This is reference replacing validation. The machine did not hold uBlock Origin. It held a pointer to uBlock Origin, and it held a pointer to Chrome, and both pointers were dereferenced remotely on every update cycle. Resolution was treated as equivalent to verification: if the name resolved through the legitimate channel, the result was executed. The disabling was not a bypass of the trust model. It was the trust model operating at full fidelity. The system was built to accept whatever the channel delivered under a verified identity, and that is precisely what it did. Expected behavior, executed completely, produced an outcome the owner never selected.

What the owner observed afterward completes the picture. The extensions page still listed the software they had chosen. The entry remained, the icon remained, the install record remained. A notice stated the extension was no longer supported. Nothing was hidden and nothing was falsified. The system reported its own behavior accurately. But the artifact of consent persisted while the substance it referred to had been removed. The record of the grant continued to signal continuity. The capability the grant existed to provide was gone. The artifact outlived the thing it documented, and the interface displayed the artifact.

The pattern, stated once: execution based on reference, not verification. A system holds a name. The name is resolved by an external authority at execution time. Whatever the resolution returns is executed, because the trust decision was attached to the name, made once, and never re-evaluated against what the name currently yields. The name is stable. The thing it resolves to is not. Every property the owner believes about the system is a property of a past resolution, carried forward on the assumption that resolution is continuity.

The same mechanism operated in a different layer in 2024, when the polyfill.io domain changed ownership. The reference embedded in more than one hundred thousand websites remained character for character identical. The content it resolved to changed and began serving malicious redirects. Every page carrying that reference executed the new content immediately and globally, without any operator acting. No site was breached. Each browser fetched the URL it was instructed to fetch and executed what was returned, exactly as designed. The trust had been granted to a reference years earlier, under different ownership of the resolver, and the reference carried that trust forward without re-examination. Different actors, different intent, identical mechanism.

The two cases appear unrelated. One is a platform vendor narrowing an extension API. The other is a hostile acquisition of a script host. With intent removed, the structure is the same: a durable reference, an external resolver, execution of whatever resolution returns, and a trust grant anchored to a moment that no longer exists. Intent is the variable. Mechanism is the constant. This is why changing resolvers, Google to Mozilla, one update channel to another, changes the authority performing resolution and leaves the mechanism untouched. The exposure does not disappear. It moves.
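The four parts named above (a durable reference, an external resolver, execution of whatever resolution returns, and a grant anchored to a past moment) can be modeled in a few lines. This is an added example, not code from the original essay: `Resolver`, `Grant`, `DriftError`, both loaders, and the name and content values are hypothetical and constructed for illustration. It contrasts a loader that trusts the name with one that compares each resolution against the digest recorded when the grant was made.

```python
import hashlib

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class Resolver:
    """External authority: maps a stable name to whatever it currently serves."""
    def __init__(self):
        self._current = {}
    def publish(self, name: str, content: bytes) -> None:
        self._current[name] = content
    def resolve(self, name: str) -> bytes:
        return self._current[name]

class Grant:
    """The owner's decision: a name plus the digest of what it resolved to then."""
    def __init__(self, name: str, content: bytes):
        self.name = name
        self.pinned = digest(content)

class DriftError(Exception):
    """The name resolved, but not to the content the grant was made against."""

def load_by_reference(resolver: Resolver, grant: Grant) -> bytes:
    # Trust is attached to the name; resolution is treated as verification.
    return resolver.resolve(grant.name)

def load_with_revalidation(resolver: Resolver, grant: Grant) -> bytes:
    # Trust is attached to the content; every resolution is compared to the grant.
    content = resolver.resolve(grant.name)
    if digest(content) != grant.pinned:
        raise DriftError(f"{grant.name}: resolved content differs from grant")
    return content

def demo() -> dict:
    name = "scripts.example/lib.js"               # constructed reference
    v1 = b"/* library as granted */"              # constructed content
    v2 = b"/* content after resolver changed */"  # constructed content
    resolver = Resolver()
    resolver.publish(name, v1)
    grant = Grant(name, resolver.resolve(name))   # trust decision made once
    resolver.publish(name, v2)                    # same name, new meaning
    result = {"by_reference": load_by_reference(resolver, grant)}
    try:
        load_with_revalidation(resolver, grant)
        result["revalidated"] = "loaded"
    except DriftError:
        result["revalidated"] = "refused"
    return result

if __name__ == "__main__":
    print(demo())
```

The revalidating loader refuses every change, including ones the owner would have accepted; admitting a change means making a new grant against the new content.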

Software that updates itself is software that is resolved, not possessed. The machine holds names. Someone else holds what the names mean.

The system resolves trust once, at installation, and inherits it forward through every state the channel delivers. It does not revalidate, because revalidation is not a behavior the architecture defines. There is no drift away from the design here. The design is the drift.

The install record persists. The consent it documents refers to an environment that no longer exists. The control exists. The outcome does not.
