New AI attack hits Chrome and Edge browsers — experts warn of ‘massive security risk’
Efe Udin
July 3, 2025
A new warning has emerged about the growing use of agentic AI in browsers. This raises serious security concerns for Chrome and Edge users. SquareX, the company behind the alert, warns that AI browser agents are now used by 79% of organizations. However, these companies are exposing users to attacks they may not even be aware of. “Every security practitioner knows that employees are the weakest link in an organization,” it says. “But what if this is no longer the case?”
The danger stems from the fact that these browser-based AI agents perform tasks automatically. These agents are not aware of any real threats. SquareX puts it bluntly: “These agents are trained to complete the tasks they are instructed to do, with little to no understanding of the security implications of their actions.”
Chrome and Edge users advised to act
Given Chrome’s vast user base, the risks are even greater. Google urges users to turn on Safe Browsing, but recommends Enhanced Protection for maximum safety. Enhanced Protection “offers security from known and potential new dangers.” It also means “you’ll receive warnings about potentially dangerous sites, downloads, and extensions, even the ones that Google didn’t previously know about.”
Microsoft Edge users also have similar protection options. If you’re using browser AI agents, experts recommend enabling the highest level of browser security available. “It’s nowhere near a catch-all, but it helps,” says SquareX.
AI agents lack common sense and caution
The core issue is that browser AI tools are easily manipulated and cannot spot common red flags. “They cannot recognize visual warning signs like suspicious URLs, excessive permission requests, or unusual website designs that typically alert employees of a malicious site,” SquareX explains.
This makes them especially vulnerable. “Browser AI Agents are more likely to fall prey to browser-based attacks than even a regular employee,” the company warns. Attackers can poison search results or push malicious downloads, and the AI will act without recognizing danger.
Real-world examples show serious flaws
SquareX demonstrated how an agent told to register for a file-sharing tool ended up falling for an OAuth phishing attack. The agent gave full email access to a malicious app. “Irrelevant permissions, unfamiliar brands, suspicious URLs” — things a human might catch — were all ignored.
Vivek Ramachandran of SquareX sums it up: “Providers have no way to create a sub-identity for Browser AI Agents… This allows all Browser AI Agents to run on the same privilege levels as the user.”
Until there’s a fix, the best defense is caution. As Ramachandran notes, enterprises must build “browser-native guardrails” to protect both humans and agents from these emerging threats.
How to protect your browser
If you use AI tools in your browser, start by enabling Enhanced Protection in Chrome or the highest available security level in Edge. This helps stop known and new risks.
Also, use a separate browser user profile just for AI tasks, so the agent can't touch your mail, work data, or files. Don't let the AI handle logins or open file apps; it can't spot fake links or odd pop-ups the way you can.
Install a reputable ad blocker and an anti-phishing extension. Review your installed extensions periodically, and keep the browser up to date. When a site asks for access to your email or storage, read the prompt yourself; don't let the AI just click through. Use a long passphrase made of unusual words, and turn on two-factor authentication. No fix is guaranteed, but these steps help reduce your exposure.
Source/VIA: Forbes