Add an API to trigger extension update

[nir-walkme]

Currently, browsers are checking for new versions of an extension in an interval of a few hours. Sometimes it can take more than a day for an extension to get updated for a user.

This may have critical outcomes in case the extension update was meant to fix a security vulnerability or a critical bug.
In today's world where SaaS applications are dominant, this behavior is no longer the standard. Today's users expect instant updates in case of a security vulnerability or a critical bug.
Moreover, modern hackers are used to exploiting zero day vulnerabilities very fast and every second counts until the vulnerability gets fixed.

Manifest V3 makes this problem even more severe. In Manifest V3 remotely hosted code is no longer allowed. This means that more critical code will be embedded in the extension and not served from a remote domain. The need to update the extension quickly now becomes more imperative.

We suggest to add an API for the extensions to ask the browser to check for extension update (either if it hosted on the store or remotely hosted).

The typical use case would be:

1. The extension is communicating frequently with a remote server to receive configuration and data.
2. In case of a security vulnerability or a critical bug and after a fix was released, the remote server would notify the extension.
3. The extension would call the mentioned new API.
4. The browser will check if an update exists and will install the new version.

[carlosjeurissen]

All in favor of this! Been dealing with this in the past as well. Seems the review time of the stores is the biggest bottleneck, but any time we can save can be welcome.

One could think about an API like:

browser.management.getUpdateAvailable()

Which would return a promise with a boolean stating an update is available or not. Or it could return an object with additional info on the update like the version number and updateUrl.

An update could then be installed using:

browser.management.installUpdate()

Still it's worth exploring how we can speed up the review process on stores as well.

[carlosjeurissen]

As mentioned during the 2021-10-28 meeting, a way to check if an update exists is currently available in Chrome, Edge and Opera. See:
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/runtime/requestUpdateCheck

[Rob--W]

I'm adding chrome:implemented given that a method exists at https://developer.chrome.com/docs/extensions/reference/api/runtime#method-requestUpdateCheck

Here is a feature request in Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1740508

@xeenon What is Safari's position here? Since extensions in Safari are bundled with apps, I don't know if it makes much sense to have such a method, but who knows.