From 7e52f300528563b1c8121466cb6d4edbe06fc0b9 Mon Sep 17 00:00:00 2001
From: erosman <erosman@users.noreply.github.com>
Date: Fri, 9 May 2025 20:56:50 +0330
Subject: [PATCH] Prevent chrome API access (#583)

`chrome.runtime.connect` & `chrome.runtime.sendMessage` are still accessible to userscripts.
---
 userScripts-mv3/userscript_api.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/userScripts-mv3/userscript_api.js b/userScripts-mv3/userscript_api.js
index 3815cb8..422d94a 100644
--- a/userScripts-mv3/userscript_api.js
+++ b/userScripts-mv3/userscript_api.js
@@ -18,6 +18,7 @@ globalThis.initCustomAPIForUserScripts = grants => {
   // Clear access to privileged API to prevent userscripts from communicating
   // to the privileged backend.
   globalThis.browser = undefined;
+  globalThis.chrome = undefined;
 
   if (grants.includes("GM_info")) {
     // Example of an API that retrieves information: