Google adds prompt injection defenses to Chrome
Date:
Wed, 10 Dec 2025 20:10:00 +0000
Description:
There's an AI that checks what the other AIs are doing and makes sure they're not tricked.
FULL STORY ======================================================================
Google strengthens Chrome against indirect prompt injection attacks with new defenses
Features: User Alignment Critic & Agent Origin Sets for safer agent actions
Agents now log activity and seek approval before accessing sensitive sites

Google is adding new defenses to the Chrome browser, to make sure its agentic capabilities cannot be abused through indirect prompt injection.
Indirect prompt injection is a type of attack in which the AI agent reads third-party content (for example, an incoming email) and executes instructions embedded in it.
An example would be an email containing a hidden prompt to execute a crypto transaction from a browser wallet plugin. The text is white and set in font size 0, so the victim can't see it, but if they run the email through the AI for any reason, the agent might act on the prompt.

User Alignment Critic and Agent Origin Sets

To make sure this doesn't happen, Google has now introduced additional security layers, including the User Alignment Critic and Agent Origin Sets. User Alignment Critic is a feature that monitors the agent's actions in an environment isolated from untrusted content.
"The User Alignment Critic runs after the planning is complete to double-check each proposed action," Google explained. "Its primary focus is task alignment: determining whether the proposed action serves the user's stated goal. If the action is misaligned, the Alignment Critic will veto it. This component is architected to see only metadata about the proposed action and not any unfiltered untrustworthy web content, thus ensuring it cannot be poisoned directly from the web. It has less context, but it also has a simpler job: just approve or reject an action."
Agent Origin Sets, on the other hand, makes sure the agent can only access data from origins that are related to the task it's currently doing, or data that the user chose to share with the agent. "This prevents a compromised agent from acting arbitrarily on unrelated origins," Google added. "For each task on the web, a trustworthy gating function decides which origins proposed by the planner are relevant to the task. The design is to separate these into two sets, tracked for each session."
Finally, agents are now also allowed to create a work log for user observability and will ask for explicit approval before navigating to sensitive sites such as banking or healthcare portals.
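
A minimal model of the gating described above, added here as an illustration and not Chrome's or Google's code: each proposed action is judged from metadata only (its kind and target URL), checked against per-session origin sets, held for approval on sensitive origins, and recorded in a work log. The readable/writable split, the action kinds, the class and function names, and the .example hosts are all assumptions of this sketch.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
WRITE_KINDS = {"click", "type"}  # assumed action kinds; anything else is a read

def origin(url: str) -> str:
    """Normalise a URL to scheme://host:port so the gate never substring-matches."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    return f"{parts.scheme}://{parts.hostname}:{parts.port or DEFAULT_PORTS[parts.scheme]}"

@dataclass
class Session:
    readable: set   # origins the agent may consume content from
    writable: set   # origins the agent may also act on
    sensitive: set  # origins that need explicit user approval first
    work_log: list = field(default_factory=list)

    def gate(self, kind: str, url: str, user_approves=lambda o: False) -> bool:
        """Decide one proposed action from metadata only: its kind and target URL."""
        try:
            target = origin(url)
        except ValueError:
            return self._log(kind, url, "deny: bad url")
        allowed = self.writable if kind in WRITE_KINDS else self.readable | self.writable
        if target not in allowed:
            return self._log(kind, target, "deny: origin not in set")
        if target in self.sensitive and not user_approves(target):
            return self._log(kind, target, "deny: approval refused")
        return self._log(kind, target, "allow")

    def _log(self, kind: str, target: str, verdict: str) -> bool:
        self.work_log.append((kind, target, verdict))  # user-visible record
        return verdict == "allow"

def demo() -> list:
    """Constructed session for the task 'pay the invoice from my inbox'."""
    mail, bank = origin("https://mail.example/"), origin("https://bank.example/")
    s = Session(readable={mail}, writable={bank}, sensitive={bank})
    s.gate("read", "https://mail.example/inbox/1")           # in the readable set
    s.gate("click", "https://mail.example/inbox/1")          # read-only origin
    s.gate("navigate", "https://wallet.example/send")        # unrelated origin
    s.gate("read", "https://bank.example@evil.example/")     # userinfo lookalike
    s.gate("click", "https://bank.example/pay")              # sensitive, no approval
    s.gate("click", "https://bank.example/pay", lambda o: True)  # user approved
    return [verdict for _, _, verdict in s.work_log]
```

The gate never receives page text, so hidden instructions in the email body cannot influence its verdict; they can only cause the planner to propose an action that the origin check then rejects.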
Via The Hacker News
======================================================================
Link to news story:
https://www.techradar.com/pro/security/google-adds-prompt-injection-defenses-to-chrome
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)