Google details the security measures for Chrome’s proxy features

A growing number of browsers are experimenting with agent features that will take actions on your behalf, such as booking tickets or shopping for different items. However, these abilities are also proxy come with Security risks Which may lead to loss of data or money.

Google has detailed its approach to user security on Chrome using user action monitoring and consent models. The company inspected Proxy capabilities on Chrome in September These features will be rolled out in the coming months, he said.

The company said it uses the help of some models to monitor agents’ actions. Google said it built a User Alignment Critic using Gemini to audit action items generated by a blueprint model for a given task. If the critical model believes that the planned tasks do not serve the user’s goal, it asks the planner model to rethink the strategy. Google notes that the critic model only sees metadata for the suggested action and not the actual web content.

Furthermore, to prevent proxies from accessing unauthorized or untrustworthy sites, Google uses proxy origin sets, which restrict the model to access read-only origins and read-writeable origins. A read-only asset is the data from which Gemini is allowed to consume content. For example, on a shopping site, menus are task-relevant, but banner ads are not. Likewise, Google said that an agent is only allowed to click or type on certain iframes of a page.

“This limitation enforces that only data from a limited set of assets is available to the agent, and this data can only be passed to writable assets. This limits the threat vector of cross-origin data leakage. This also gives the browser the ability to enforce some of this separation, for example by not submitting form data that falls outside the readable set,” the company said in a blog post.

Google also checks page navigation by checking URLs through another observer form. The company said this can prevent navigation to malicious URLs generated by the form.

The search giant said it is also handing over the reins to users for sensitive tasks. For example, when an agent tries to navigate to a sensitive site that contains information like your banking or medical data, it asks the user first. For sites that require a login, you’ll ask the user for permission to allow Chrome to use your password manager. Google said the proxy model is not exposed to password data. The company added that it will ask users before taking actions such as making a purchase or sending a message.

In addition, it also has a fast classifier to prevent unwanted actions, and is also testing the agent’s capabilities against attacks created by researchers, Google said.

AI browser makers also care about security. Earlier this month, Perplexity was released A new model for open source content detection To prevent injection attacks against clients.