
"Google said it built a User Alignment Critic using Gemini to scrutinize the action items built by the planner model for a particular task. If the critic model thinks that the planned tasks don't serve the user's goal, it asks the planner model to rethink the strategy. Google noted that the critic model only sees the metadata of the proposed action and not the actual web content."
"What's more, to prevent agents from accessing disallowed or untrustworthy sites, Google is using Agent Origin Sets, which restrict the model to access read-only origins and read-writeable origins. Read-only origin is data that Gemini is permitted to consume content from. For instance, on a shopping site, the listings are relevant to the task, but banner ads aren't. Similarly, Google said the agent is only allowed to click or type on certain iframes of a page."
"'This delineation enforces that only data from a limited set of origins is available to the agent, and this data can only be passed on to the writable origins. This bounds the threat vector of cross-origin data leaks. This also gives the browser the ability to enforce some of that separation, such as by not even sending to the model data that is outside the readable set,' the company said in a blog post."
Agentic browser features can perform tasks like booking tickets or shopping but introduce security risks including potential data or financial loss. Chrome previewed agentic capabilities and plans a gradual rollout in the coming months. Chrome will use observer models and explicit user consent to constrain agent actions. A Gemini-based User Alignment Critic reviews planned action items from the planner model and requests strategy changes if plans don't match user goals; the critic only receives action metadata, not page content. Agent Origin Sets restrict models to specific read-only and read-write origins and limit clicks or typing to authorized iframes. These measures bound cross-origin data leak vectors and add URL-level navigation checks.
Read at TechCrunch
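The Agent Origin Sets rule described above, sketched as a default-deny gate in JavaScript. This is an added example, not Chrome's code or API: the `AgentOriginSet` class, its method names, the sample URLs and the assumption that a read-write origin is also readable are all illustrative.

```javascript
// Illustrative sketch only: hypothetical names, not Chrome's implementation.
class AgentOriginSet {
  constructor({ readOnly = [], readWrite = [] }) {
    const norm = (urls) => new Set(urls.map(AgentOriginSet.originOf).filter(Boolean));
    this.readOnly = norm(readOnly);
    this.readWrite = norm(readWrite);
  }
  // scheme://host[:port]; unparseable URLs and opaque origins (data:, about:) are denied.
  static originOf(url) {
    try {
      const origin = new URL(url).origin;
      return origin === "null" ? null : origin;
    } catch {
      return null;
    }
  }
  // Assumption: a read-write origin is also readable.
  canRead(url) {
    const o = AgentOriginSet.originOf(url);
    return o !== null && (this.readOnly.has(o) || this.readWrite.has(o));
  }
  canAct(url) {
    const o = AgentOriginSet.originOf(url);
    return o !== null && this.readWrite.has(o);
  }
  // Browser-side filter: frames outside the readable set never reach the model.
  framesForModel(frames) {
    return frames.filter((f) => this.canRead(f.url));
  }
  // Clicks and typing are allowed only in frames from a read-write origin.
  authorize(action) {
    if (action.kind !== "click" && action.kind !== "type") return false;
    return this.canAct(action.frameUrl);
  }
}

// Constructed sample: a shopping task with one writable and one read-only origin.
const policy = new AgentOriginSet({
  readWrite: ["https://shop.example/cart"],
  readOnly: ["https://reviews.example/"],
});
const frames = [
  { url: "https://shop.example/listing/42", text: "Blue kettle, $30" },
  { url: "https://reviews.example/kettle", text: "4.5 stars" },
  { url: "https://ads.example/banner", text: "Sponsored banner" },
  { url: "data:text/html,<p>injected</p>", text: "opaque frame" },
];
console.log(policy.framesForModel(frames).map((f) => f.url));
```

Matching is on the full origin, so `http://shop.example` and `https://evil.shop.example` are both outside the set even though the host names look related.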