Google adds prompt injection defenses to Chrome

• Google strengthens Chrome against indirect prompt injection attacks with new defenses
• Features: User Alignment Critic & Agent Origin Sets for safer agent actions
• Agents now log activity and seek approval before accessing sensitive sites

Google is adding new defenses to the Chrome browser, to make sure its agentic capabilities cannot be abused through indirect prompt injection.

Indirect prompt injection is a type of attack in which the AI agent reads third-party content (for example, an incoming email) and executes it.

An example would be a prompt to execute a crypto transaction from a browser wallet plugin written into an email. The text is in white color and in font size 0, so the victim can’t see it, but if they run the email through the AI for any reason, the agent might act on the prompt.