Saved February 14, 2026
Google is rolling out new agentic features in Chrome that can perform tasks like booking tickets and shopping. To ensure user security, it employs models that assess actions, restricts access to certain sites, and requires user consent for sensitive tasks. The company is also testing its systems against potential attacks.
Browsers are increasingly integrating agentic features that perform tasks like booking tickets or shopping, but these capabilities raise significant security concerns. Google is addressing these risks in Chrome through a combination of observer models and user consent mechanisms. The company introduced these features in September and plans to roll them out in the coming months.
To ensure safety, Google employs a User Alignment Critic model using Gemini. This model evaluates planned actions to determine if they align with user goals. If a proposed task is deemed unfit, it prompts the planner model to reconsider. Importantly, the critic only accesses metadata, not the actual web content, which helps maintain user privacy. Google also uses Agent Origin Sets to limit what data the agent can access, allowing it to interact only with specific, trusted origins. This setup minimizes the risk of cross-origin data leaks.
Page navigation is monitored through another observer model to prevent harmful URL access. For sensitive actions, like logging into banking sites, the agent must seek user approval first. Chrome's password manager remains secure since the agent's model cannot access password data directly. Google has also implemented a prompt-injection classifier to block unwanted actions and is testing these features against potential security threats. Other browser makers, like Perplexity, are also enhancing security measures, highlighting the industry's focus on safeguarding user interactions with agentic features.
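A sketch of the origin scoping and consent gating described above, added here as an illustration and not Chrome's code: the class name `AgentOriginGate`, the action shape, the `askUser` callback and all sample URLs are assumptions. It compares parsed origins (scheme, host, port) rather than string prefixes, so look-alike hosts and userinfo tricks do not match an allowed origin.

```javascript
// Hypothetical policy gate for an agent's proposed actions (not Chrome's implementation).
class AgentOriginGate {
  constructor(allowedOrigins, askUser) {
    // Normalise through URL so membership is decided on scheme + host + port.
    this.allowed = new Set(allowedOrigins.map((o) => new URL(o).origin));
    this.askUser = askUser; // assumed callback: returns true if the user approves
  }

  // Origin of a URL, or null when it is unparsable or opaque (data:, blob-less schemes).
  static originOf(rawUrl) {
    try {
      const origin = new URL(rawUrl).origin;
      return origin === 'null' ? null : origin;
    } catch {
      return null;
    }
  }

  // action: { type, url, sensitive } is a constructed shape for this example.
  decide(action) {
    const origin = AgentOriginGate.originOf(action.url);
    if (origin === null || !this.allowed.has(origin)) {
      return { allow: false, reason: 'origin-not-in-set' };
    }
    // The consent prompt receives only the action type and origin, never page content.
    if (action.sensitive && !this.askUser({ type: action.type, origin })) {
      return { allow: false, reason: 'user-declined' };
    }
    return { allow: true, reason: 'ok' };
  }
}

// Constructed sample run: the simulated user approves payments but declines logins.
function runSamples() {
  const gate = new AgentOriginGate(
    ['https://shop.example', 'https://bank.example'],
    (req) => req.type !== 'login'
  );
  const actions = [
    { type: 'click', url: 'https://shop.example/cart', sensitive: false },
    { type: 'pay', url: 'https://shop.example:443/checkout', sensitive: true },
    { type: 'login', url: 'https://bank.example/login', sensitive: true },
    { type: 'click', url: 'https://shop.example.evil.test/', sensitive: false },
    { type: 'click', url: 'https://shop.example@evil.test/', sensitive: false },
    { type: 'click', url: 'http://shop.example/', sensitive: false },
    { type: 'click', url: 'data:text/html,hi', sensitive: false },
  ];
  return actions.map((a) => gate.decide(a).reason);
}
```

A `startsWith('https://shop.example')` check would have accepted the fourth and fifth sample URLs; comparing `URL.origin` values rejects them.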