In brief
- Google added agentic capabilities to its Chrome browser this week.
- The tech giant joined OpenAI, Anthropic, and Perplexity in a rapidly escalating agentic browser race.
- However, convenience comes with security risks, prompt-injection threats, and trust concerns, all typical of agentic browsers.
Google just weaponized the world's most popular browser.
On Wednesday, the search giant announced that it's integrating Gemini 3 directly into Chrome, adding agentic browsing capabilities that let AI handle multi-step tasks on your behalf—booking flights, comparing products, filling forms, and all the things an agentic browser can already do.
The move comes as Chrome's 65% market share faces pressure from other AI companies that have already found a niche among enthusiasts.
The headline feature is "auto browse," available to Google AI Pro ($20/month) and AI Ultra ($250/month) subscribers in the U.S. It is similar to OpenAI’s “Agent Mode” and basically lets the browser’s own AI agent use the browser like a human instead of relying on APIs.
Tell Gemini to find pet-friendly apartments on Redfin or plan a family vacation across multiple travel sites, and it'll click through pages, filter results, and add items to carts—pausing only before sensitive actions like purchases or social media posts.
The AI lives in a persistent side panel, maintaining context across tabs while you work. Also included: Nano Banana for on-the-fly image generation and Connected Apps integration with Gmail, Calendar, YouTube, and Maps. And this could be the element that separates Chrome from competitors: The powerful AI models that power the browser.
Personal Intelligence is set to arrive in the coming months, letting Chrome remember past conversations for tailored responses. That'll be an opt-in feature, of course—Google learned that lesson the hard way.
The agentic browser race is heating up fast. OpenAI's Atlas, launched in October, lets ChatGPT navigate the web autonomously for Plus, Pro, and Business users. Perplexity's Comet browser and Anthropic's Claude for Chrome extension followed similar playbooks. Other lesser-known options include Opera Neon, Norton’s NEO browser, and the controversial Dia Browser built by The Browser Company after discontinuing its popular Arc Browser.
Even open-source projects like BrowserOS are entering the fray, offering privacy-first alternatives that run AI agents locally using your own API keys.
Each has its niche. Atlas excels at conversational search with ChatGPT's sidebar automatically understanding whatever's on your screen. Claude for Chrome is an extension developed by Anthropic that takes a different approach and enhances Chrome with Claude-powered agentic capabilities. Perplexity's Comet integrates web search directly into browsing at high inference speeds. Opera's Neon leans into privacy features.
Chrome's advantage? You're probably already using it. No download needed, no workflow disruption, and Google's ecosystem locks in through Workspace, Calendar, and Photos. The company is betting that convenience beats novelty—that most people won't switch browsers for AI when their current one just got smarter.
But agentic browsing introduces new attack vectors. Google acknowledged the "primary new threat" is indirect prompt injection—malicious websites hiding instructions in code to trick the AI into exfiltrating data or initiating transactions. Security researchers found similar vulnerabilities in Perplexity's Comet, though those were quickly patched.
Google's layered defense includes a separate "User Alignment Critic" model that double-checks every proposed action, deterministic checks against lists of sensitive sites, and user confirmations before financial actions. The AI can't access passwords directly (it asks Google Password Manager for permission), can't download files, and can't run code. Origin isolation prevents it from wandering to unrelated sites.
Still risky? Absolutely. Google is offering up to $20,000 through its Vulnerability Rewards Program for anyone who can bypass these safeguards—an acknowledgment that nothing's bulletproof.
The tech giant is also pushing the Universal Commerce Protocol, an open standard co-developed with Shopify, Etsy, Wayfair, and Target to let AI agents transact seamlessly. If that takes off, then it could reshape e-commerce around AI intermediaries instead of direct browsing—a shift that would upend digital advertising as we know it.
For now, auto browse will remain U.S.-only, subscriber-gated, and explicitly labeled as preview software. Google is rolling it out gradually, collecting feedback before wider deployment. Windows, iOS, and Android versions are coming too, but there's no timeline yet.