Google Chrome adds User Alignment Critic for Gemini agentic browsing defense
Security Tool/Service
Summary
Hide ▲
Show ▼
Google is adding User Alignment Critic to Chrome for upcoming Gemini-powered agentic browsing, strengthening defenses against indirect prompt injection and unsafe browser actions. The update matters because it adds a dedicated review layer, Origin Sets, and user confirmation steps to reduce the risk of data exposure and fraudulent transactions in autonomous web tasks.
Related Happenings
Indirect prompt-injection web campaigns targeting AI agents
Campaign
H score37
First: 06.07.2026 18:00
Last: 06.07.2026 18:00
Sources 1
About this happening:
**Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...
Indirect prompt-injection web campaigns targeting AI agents
CampaignAbout this happening: **Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...
Google Chrome DBSC rolls out session-cookie theft protection for all users
Security Tool/Service
H score10
First: 29.05.2026 15:08
Last: 29.05.2026 15:08
Sources 1
About this happening:
Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...
Google Chrome DBSC rolls out session-cookie theft protection for all users
Security Tool/ServiceAbout this happening: Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...
Chromium JavaScript background RCE flaw
Vulnerability
H score16
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chromium JavaScript background RCE flaw
VulnerabilityAbout this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Google expands Gemini AI for malicious ad blocking on Google Ads
Security Tool/Service
H score56
First: 16.04.2026 18:24
Last: 16.04.2026 18:24
Sources 1
About this happening:
**Google** expanded **Gemini AI** use across its ad platforms to detect and block **malicious ads** in real time, reducing scam and malvertising exposure at scale. The move matter...
Google expands Gemini AI for malicious ad blocking on Google Ads
Security Tool/ServiceAbout this happening: **Google** expanded **Gemini AI** use across its ad platforms to detect and block **malicious ads** in real time, reducing scam and malvertising exposure at scale. The move matter...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical Analysis
H score25
First: 17.03.2026 15:59
Last: 17.03.2026 15:59
Sources 1
About this happening:
A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical AnalysisAbout this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
Timeline
-
08.12.2025 20:08 2 articles · 7mo ago
Google introduces User Alignment Critic for Chrome agentic browsing
Initial DisclosureGoogle introduces User Alignment Critic in Chrome to protect Gemini-powered agentic browsing, using an isolated second Gemini model, Origin Sets, user confirmation for sensitive sites and Password Manager sign-ins, and a dedicated classifier for indirect prompt injection. The layered controls are meant to reduce unsafe browser actions, user data exposure, and fraudulent transactions, while automated red-teaming and bounty payments of up to $20,000 are planned to strengthen the system.
Show sources
- Google Chrome adds new security layer for Gemini AI agentic browsing — www.bleepingcomputer.com — 08.12.2025 20:08
- Google Chrome adds new security layer for Gemini AI agentic browsing — www.bleepingcomputer.com — 08.12.2025 20:08