Google has announced major security upgrades to the Chrome browser as tech companies rapidly roll out AI browser agents and agentic tools. Security researchers have warned that these AI driven features could create new types of vulnerabilities, especially through indirect prompt injection attacks. To address these risks, Google is introducing a separate large language model called User Alignment Critic to monitor and verify the actions of Chrome’s AI agent.
The company said on Monday that the new security layer will sit in an isolated environment, away from any untrusted web content. It will review the actions suggested by the AI agent and block any actions that appear unsafe or misaligned. This comes as Google prepares to enhance Chrome with agentic capabilities, following the recent integration of its Gemini chatbot in the browser, which is currently available only in the United States.
Google also said that it is adding origin isolation to limit what websites the AI agent can interact with. It explained that its approach includes user confirmation for sensitive tasks, real time threat detection, and continuous red teaming. These measures are designed to prevent attacks where hidden instructions in web pages trick an AI agent into transferring money or leaking sensitive data from logged in accounts.
Earlier, researchers had identified a similar risk in another company’s AI powered browser agent, where malicious instructions could allow attackers to access emails, passwords, and other private information. Google’s own Antigravity platform has also listed indirect prompt injection as a known issue.
Google outlined the key components of Chrome’s new defence layer. User Alignment Critic is a Gemini model that checks every proposed action from the planner model and blocks unsafe steps while sending corrective feedback. Origin Sets restrict the AI agent to specific websites relevant to the user’s task or information the user has chosen to share. Chrome will also scan web pages for indirect prompt injection attempts, along with its regular security checks.
Google added that it has developed automated red teaming systems that repeatedly test the browser using AI driven attacks. It is also offering rewards of up to twenty thousand dollars for anyone who reports breaches in the new system.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
