Google quietly sets new AI security rules in Chrome: why it matters

These changes were spotted by the online edition of Windows Report in Chromium Gerrit.

When an AI “mistake” is not a security bug

If Chrome's AI gives you a strange, incorrect, or inappropriate response, Google says it's not a security issue, just "unexpected AI behavior."

In such cases, Google recommends reporting it using the "thumbs up/down" or "Send feedback" buttons in Chrome. This will help Google improve AI, but such cases will not be considered a security threat.

When AI actions become dangerous

A security issue occurs when a website forces Chrome's AI to do something it shouldn't. This is called "indirect prompt injection," where instructions hidden on a web page force the AI ​​to:

• perform an action that you did not request;
• disclose information that you should not have access to.

If you find something like this, Google asks you to report it. You will need to provide evidence, such as video footage, files used, and AI session details, to help them investigate.

What about AI-generated code?

If AI helps you write code that contains a security flaw (such as cross-site scripting), that could also be considered a real security risk. Google would need a clear demonstration of the problem in order to fix it.

Why is this important?

This new section is very important, showing that Google now views AI as a potential target for attackers. By clearly defining the difference between a simple AI error and a dangerous action, Google is laying the groundwork to ensure the security of its new, intelligent browser features for everyone.

Until now, Chrome’s security documentation didn’t include an FAQ section at all about “AI features.” A Wayback Machine snapshot from late August shows the page without that section. Now, Google has published an FAQ section about AI in Chrome.

It’s a subtle but important addition. It shows that Google is taking the first steps towards how artificial intelligence in Chrome will be evaluated: strange results are not errors, and malicious actions are a different story.

Additionally, Google is preparing a new “Make Default” button in Chrome that will not only set it as the default browser on Windows, but also pin it to the taskbar.

Chrome will also soon allow you to access recent tab groups from the new tab page and may integrate AI mode into Google Lens.

Duolingo's challenge: Google Translate will get an AI feature to help you learn foreign languages

On the topic

Duolingo's challenge: Google Translate will get an AI feature to help you learn foreign languages

Google improves image generation in Gemini thanks to nano-banana AI model

On the topic

Google improves image generation in Gemini thanks to nano-banana AI model

Google will require developers to undergo verification even for Android apps outside the Play Store

On the topic

Google will require developers to undergo verification even for Android apps outside the Play Store

Google reveals for the first time how much energy a single request to Gemini consumes

On the topic

Google reveals for the first time how much energy a single request to Gemini consumes

Read the country's main IT news in our Telegram

On the topic

Read the country's main IT news in our Telegram