Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Google Chrome adds User Alignment Critic for Gemini agentic browsing defense

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Google is adding User Alignment Critic to Chrome for upcoming Gemini-powered agentic browsing, strengthening defenses against indirect prompt injection and unsafe browser actions. The update matters because it adds a dedicated review layer, Origin Sets, and user confirmation steps to reduce the risk of data exposure and fraudulent transactions in autonomous web tasks.

Related Happenings

Chromium JavaScript background RCE flaw

Vulnerability
First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Open Happening

Google expands Gemini AI for malicious ad blocking on Google Ads

Security Tool/Service
First: 16.04.2026 18:24 Last: 16.04.2026 18:24 Sources 1

About this happening: **Google** expanded **Gemini AI** use across its ad platforms to detect and block **malicious ads** in real time, reducing scam and malvertising exposure at scale. The move matter...

Open Happening

LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis

Technical Analysis
First: 17.03.2026 15:59 Last: 17.03.2026 15:59 Sources 1

About this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...

Open Happening

Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)

Vulnerability
First: 13.03.2026 11:17 Last: 13.03.2026 11:17 Sources 1

About this happening: **Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...

Open Happening

Chrome emergency zero-day patch (CVE-2026-3909, CVE-2026-3910)

Security Patch Release
First: 13.03.2026 08:56 Last: 13.03.2026 08:56 Sources 1

About this happening: **Google** pushed an **emergency Chrome update** for **Stable Desktop users** on **Windows, macOS, and Linux** after confirming **CVE-2026-3909** and **CVE-2026-3910** are **explo...

Latest development: 13.03.2026 11:17

Google discovers and reports CVE-2026-3909, an out-of-bounds write vulnerability in the Skia 2D graphics library, and CVE-2026-3910, an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine, on March 10, 2026; both issues are reachable via crafted HTML pages.

Open Happening

Timeline

  1. 08.12.2025 20:08 2 articles · 5mo ago

    Google introduces User Alignment Critic for Chrome agentic browsing

    Initial Disclosure

    Google introduces User Alignment Critic in Chrome to protect Gemini-powered agentic browsing, using an isolated second Gemini model, Origin Sets, user confirmation for sensitive sites and Password Manager sign-ins, and a dedicated classifier for indirect prompt injection. The layered controls are meant to reduce unsafe browser actions, user data exposure, and fraudulent transactions, while automated red-teaming and bounty payments of up to $20,000 are planned to strengthen the system.

    Show sources
    Open in new tab