Two days after the alpha announcement, agent-browser-shield has a Chrome Web Store listing and 14 new protection rules.
Install from the Chrome Web Store
The extension is live at chromewebstore.google.com/detail/agent-browser-shield. One click instead of unpacked-from-source. The prebuilt ZIP and source-build paths stay for Browserbase and other runtimes that need an unpacked extension.
New rules: handling prompt injection and context pollution in invisible surfaces
A browser-use agent reads surfaces a sighted user never looks at. The new rules close them:
- <noscript> blocks (never rendered with JS on, but agents walk them)
- Poisoned <meta> description and <title> (the compact "what is this page" answer many agents pull first)
- JSON-LD <script> blocks (cited as the "trusted summary" of a page)
- aria-label, alt, title, placeholder, and SVG <title>/<desc>/<text> (a11y-tree carriers)
- Unicode tag characters, bidi overrides, and zero-width payloads
- Long base64 / hex / percent-encoded blobs (the "decode this and follow it" pattern)
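
One way to detect the invisible-Unicode class from the list above, shown as an added example and not agent-browser-shield's own code. The function name, the code-point ranges chosen, and the sample string are assumptions made for illustration.

```javascript
// Added example (not the extension's code): find and strip invisible Unicode
// carriers in a text node, and recover the ASCII hidden in tag characters.
const CLASSES = [
  { name: "unicode-tag", test: (cp) => cp >= 0xe0000 && cp <= 0xe007f },
  { name: "bidi-control",
    test: (cp) => (cp >= 0x202a && cp <= 0x202e) || (cp >= 0x2066 && cp <= 0x2069) },
  { name: "zero-width",
    test: (cp) => (cp >= 0x200b && cp <= 0x200d) || cp === 0x2060 || cp === 0xfeff },
];

function scanInvisible(text) {
  const findings = [];
  let clean = "";
  let run = null;  // current run of consecutive characters of one class
  let offset = 0;  // UTF-16 offset into the original string
  for (const ch of text) {          // iterates by code point, not code unit
    const cp = ch.codePointAt(0);
    const cls = CLASSES.find((c) => c.test(cp));
    if (!cls) {
      clean += ch;
      run = null;
    } else {
      if (!run || run.kind !== cls.name) {
        run = { kind: cls.name, offset, count: 0, decoded: "" };
        findings.push(run);
      }
      run.count += 1;
      // U+E0020..U+E007E mirror printable ASCII; decode them for the report.
      if (cls.name === "unicode-tag" && cp >= 0xe0020 && cp <= 0xe007e) {
        run.decoded += String.fromCharCode(cp - 0xe0000);
      }
    }
    offset += ch.length;
  }
  return { clean, findings };
}

// Constructed sample: a zero-width space, a tag-character run, a bidi override.
const hiddenTags = Array.from("hidden instruction",
  (c) => String.fromCodePoint(0xe0000 + c.charCodeAt(0))).join("");
const sample = "Great pro\u200bduct" + hiddenTags + " \u202egpj.exe";

console.log(JSON.stringify(scanInvisible(sample), null, 2));
```

U+200C and U+200D are legitimate in some scripts and in emoji sequences, so a production rule would annotate those rather than strip them unconditionally.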
New rules: trust laundering
link-spoof-annotate flags Cyrillic homoglyphs and anchors whose visible
text doesn't match the href apex. disguised-ad-flag collapses native
advertorials (Sponsored / Paid Post) that share DOM shape with editorial.
trust-badge-annotate and schema-trust-sanitize ship off by default
while we assess their false-positive rates.
The daily-driver surprise
I've started running it on my own daily-driver browser, not just agent runs. There have been some funny quirks (e.g., flagging GitHub issue links with ".md" in the link text as suspicious and hiding the GitHub issue template modal). However, overall it's been a positive on my browsing experience. So, we'll be experimenting with making more annotations visible to humans and multi-modal LLMs.