jedisct1 / libsodium.js

libsodium compiled to WebAssembly and pure JavaScript, with convenient wrappers.

Webassembly (and this library) is forbidden in Chrome extension manifest V3 #292

Closed KatarinaSimnova closed 1 year ago

KatarinaSimnova commented 2 years ago

Hello, we use this library in our browser extension. Chrome revealed Manifest V3 (new extension platform version) and is about to end support for Manifest V2. In Manifest V3, WebAssembly is forbidden for security reasons. Now we are in quite a tough situation: we need a JavaScript libsodium library that does not use WebAssembly to be able to smoothly migrate to the Manifest V3 version without damaging our product.

Would it be possible for you to create a non-wasm version of this library, so that browser extension developers can continue to use this awesome library while there is not a sufficient replacement for it? We can't just downgrade the libsodium wrapper to version 0.5.4 (without wasm) because it does not contain all the crypto functions we need (for example the ARGON2ID password hashing algorithm). So we would probably need the newest version of the C libsodium library with an old JS wrapper without wasm.

jedisct1 commented 2 years ago

Hi!

libsodium.js still bundles the JavaScript version in addition to the WebAssembly version.

If an exception is returned when used in a Chrome extension, the wasm support detection code is likely to be the culprit: https://github.com/jedisct1/libsodium/blob/7d67f1909bfa6e1225469dbcdb0229c5a9bbf8e2/dist-build/emscripten.sh#L86-L143

Do you know what changes should be made to that code in order to have the JS version (the "backup module") used in the context of a Chrome extension?

scholtzm commented 2 years ago

Manifest v3 replaces "background page" with service worker and disallows wasm-eval in Content Security Policy.

This is the error when libsodium loads inside extension's service worker: [image]

KatarinaSimnova commented 2 years ago

Ok, the problem is on our side. We use MEMLIMIT_INTERACTIVE in the crypto_pwhash function. While in WebAssembly it runs smoothly, in JavaScript it does not work at all (returns an empty buffer), which makes our migration quite problematic. But this is probably not something you can help us with. Therefore, thank you very much for your quick response, this issue can be closed.
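Added example, not part of the thread and not libsodium.js code: a sketch of the two checks this discussion points at, probing whether wasm compilation is actually permitted before picking a backend, and failing closed when a password hash comes back empty. `wasmAllowed`, `chooseBackend`, `requireDerivedKey` and the `blockedWasm` stub are hypothetical names; the stub is constructed to simulate a CSP that blocks wasm.

```javascript
// Added example, not libsodium.js code. All names below are hypothetical.
// Smallest valid wasm module: "\0asm" magic followed by version 1.
const EMPTY_WASM = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]);

// Returns true only if a wasm module can actually be compiled here.
// `wasmApi` is injectable so a blocked environment can be simulated offline.
function wasmAllowed(wasmApi = globalThis.WebAssembly) {
  if (!wasmApi || typeof wasmApi.Module !== "function") return false;
  try {
    new wasmApi.Module(EMPTY_WASM); // throws when the CSP forbids wasm compilation
    return true;
  } catch (err) {
    return false;
  }
}

// Pick the build to load: "wasm" when permitted, otherwise the JS fallback.
function chooseBackend(wasmApi = globalThis.WebAssembly) {
  return wasmAllowed(wasmApi) ? "wasm" : "js";
}

// Fail closed on the symptom reported in this thread: a password hash that
// comes back empty. Also rejects wrong lengths and all-zero output, so a
// broken backend never yields a usable-looking key.
function requireDerivedKey(out, expectedLen) {
  if (!(out instanceof Uint8Array) || out.length !== expectedLen) {
    throw new Error("key derivation did not return " + expectedLen + " bytes");
  }
  if (out.every((b) => b === 0)) {
    throw new Error("key derivation returned an all-zero buffer");
  }
  return out;
}

// Constructed stand-in for an environment whose CSP blocks wasm compilation.
const blockedWasm = {
  Module: function () {
    throw new Error("CompileError: wasm code generation disallowed (constructed)");
  },
};
```

Running `requireDerivedKey` on every `crypto_pwhash` result, whichever backend was chosen, turns a silent empty buffer into a hard error at the call site.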

andybin-cdc commented 2 years ago

Hi, @scholtzm did you resolve this problem? I have the same problem.

scholtzm commented 2 years ago

> Hi, @scholtzm did you resolve this problem? I have the same problem.

Haven't solved the issue yet. Ideally, Chromium should allow wasm in Mv3 the same way it works in Mv2.

@jedisct1 Is there any workaround for the issue with MEMLIMIT_INTERACTIVE mentioned in the comment above?

Edit: Seems like wasm functionality has been restored in Mv3 since Chromium v102. You can test it out in the latest Chrome Canary.

LeventCelik commented 2 years ago

Hi all, we are having a similar issue and getting the same error. I see that it works in Chrome Canary, but we are hesitant to use it still as we will release the extension on Chrome.

Does Canary having this imply that Chrome will adopt this in the near future?

scholtzm commented 2 years ago

@LeventCelik Stable release is planned for Tue, May 24, 2022.