Hello Chromium extension developers,
TL;DR: Chrome 106 will include a change that causes `chrome.runtime` to no longer be defined unconditionally on all sites. Websites must always expect `chrome.runtime` to be undefined in contexts where there is no connectable extension.
Over the past couple of months, we have taken steps to remove Chrome's legacy U2F security API. This API was implemented in a hidden Chrome extension called CryptoToken, which by design was externally connectable from all URLs. The presence of this extension meant that `chrome.runtime` was effectively always defined on any web origin, because there was always at least one extension to connect to, even if the user installed no other connectable extensions themselves. As part of the U2F removal process, Chrome 106 stops loading CryptoToken by default, which means that `chrome.runtime` will now be undefined in contexts where there is no other connectable extension.
Websites should never assume that `chrome.runtime` is defined unconditionally. As a temporary escape hatch, the effects of this change can be reversed by enabling the chrome://flags/#load-cryptotoken-extension flag or an upcoming enterprise policy named "LoadCryptoTokenExtension".
Cheers,
Martin Kreichgauer