Google details security measures for Chrome’s agentic features
As the world of browsers continues to evolve, a growing number of browsers are experimenting with agentic features that take actions on your behalf, such as booking tickets or shopping for different items. However, these agentic capabilities also come with security risks that could lead to loss of data or money. In a recent move, Google has detailed its approach to handling user security on Chrome using observer models and consent for user action.
Observer Models: The Key to Secure Agentic Actions
Google's approach to securing agentic actions on Chrome involves the use of observer models. These models scrutinize the action items that the planner model builds for a particular task. If this critic model judges that the planned tasks don't serve the user's goal, it asks the planner model to rethink its strategy. This process is similar to how a human would review and revise a plan before taking action.
Agent Origin Sets: Restricting Access to Untrustworthy Sites
To prevent agents from accessing disallowed or untrustworthy sites, Google is using Agent Origin Sets. These sets restrict the model to read-only origins and read-writeable origins. Read-only origins are those that Gemini is permitted to consume content from. For instance, on a shopping site, the listings are relevant to the task, but banner ads aren't. Similarly, Google said the agent is only allowed to click or type on certain iframes of a page.
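One way to enforce the read-only / read-writeable split described above, as an added example that is not Chrome's or Google's code. The class name, action names and example.test origins are hypothetical, and it assumes reads are allowed from both sets while clicking and typing need a read-writeable origin; it compares parsed origins rather than URL strings, so lookalike hosts, userinfo tricks and scheme downgrades do not match.

```javascript
// Added illustration: a minimal origin-set gate for agent actions.
// AgentOriginSet, the action names and the example.test origins are hypothetical.
class AgentOriginSet {
  constructor({ readOnly = [], readWrite = [] }) {
    // Normalise through URL so "https://shop.example.test:443/" and
    // "https://shop.example.test" end up as the same set entry.
    this.readOnly = new Set(readOnly.map(AgentOriginSet.originOf));
    this.readWrite = new Set(readWrite.map(AgentOriginSet.originOf));
  }

  // Returns the serialized origin (scheme://host[:port]) or null.
  static originOf(url) {
    try {
      const u = new URL(url);
      // Only http(s) origins are eligible; data:, blob:, file: etc. yield null.
      return (u.protocol === "https:" || u.protocol === "http:") ? u.origin : null;
    } catch {
      return null; // unparseable URL
    }
  }

  // action: "read" (consume page content) or "click" / "type" (act on the page).
  // Assumed semantics: read-writeable origins are also readable.
  check(action, url) {
    const origin = AgentOriginSet.originOf(url);
    // Reject null before any set lookup, so a bad config entry can never match.
    if (origin === null) return { allowed: false, reason: "no-http-origin" };
    const writable = this.readWrite.has(origin);
    const readable = writable || this.readOnly.has(origin);
    if (action === "read") {
      return readable ? { allowed: true, reason: "in-set" }
                      : { allowed: false, reason: "origin-not-in-set" };
    }
    if (action === "click" || action === "type") {
      if (writable) return { allowed: true, reason: "in-set" };
      return { allowed: false, reason: readable ? "read-only-origin" : "origin-not-in-set" };
    }
    return { allowed: false, reason: "unknown-action" }; // default deny
  }
}

// Constructed sample task: shop on one site, read reviews from another.
const taskSet = new AgentOriginSet({
  readOnly: ["https://reviews.example.test"],
  readWrite: ["https://shop.example.test:443/"],
});
```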
Page Navigation: Preventing Harmful Model-Generated URLs
Google is also keeping a check on page navigation by investigating URLs through another observer model. This can prevent navigation to harmful model-generated URLs, the company said. This is a crucial step in ensuring that the agent doesn't take the user to a malicious site or perform an action that could compromise their security.
User Consent: The Final Check
Google is also handing over the reins to users for sensitive tasks. For instance, when an agent tries to navigate to a sensitive site with information like banking or your medical data, it first asks the user. For sites that require sign-in, it'll ask the user for permission to let Chrome use the password manager. Google said that the agent's model doesn't have exposure to password data. The company added that it will ask users before taking actions like making a purchase or sending a message.
Prompt-Injection Classifier: Preventing Unwanted Actions
Google also has a prompt-injection classifier to prevent unwanted actions. This classifier is designed to detect and prevent prompt injection attacks, which can compromise the security of the agent. By using this classifier, Google can ensure that the agent only takes actions that are intended by the user.
Real-World Implications
The security measures implemented by Google on Chrome are a significant step towards ensuring the security of agentic actions. As more browsers experiment with agentic features, it's essential that they prioritize user security and implement measures to prevent security risks. By doing so, they can provide users with a safe and trustworthy experience.
Forward-Looking Thoughts
As agentic features continue to evolve, researchers and developers should continue to explore new ways to improve the security of agentic actions, such as using machine learning algorithms to detect and prevent security threats.
Conclusion
In conclusion, Google's approach to securing agentic actions on Chrome is a significant step towards ensuring the security of these features. By using observer models, Agent Origin Sets, and user consent, Google can prevent security risks and provide users with a safe and trustworthy experience. As agentic features continue to evolve, it's essential that browser makers prioritize user security and implement measures to prevent security risks.
Source: https://techcrunch.com/2025/12/08/google-details-security-measures-for-chromes-agentic-features/




