This study investigates the effectiveness of the Same-Origin Policy (SOP) in agentic browsers. Agentic browsers integrate autonomous AI agents, enabling users to accomplish web tasks through natural language instructions. However, the performance of SOP, a fundamental browser security mechanism that prevents unauthorized cross-origin data flows, is worth examining in this context.
We first observe that an agentic browser can serve as an automated channel for cross-origin data flows, potentially leading to SOP violations. To address this, we constructed SOPBench, a benchmark for evaluating SOP violations in agentic browsers. Our evaluation reveals that existing agentic browsers frequently violate SOP in both benign settings and under attacks.
To remedy this, we propose SOPGuard, an SOP enforcement mechanism tailored for agentic browsers. We implemented SOPGuard in BrowserOS, an open-source agentic browser. Extensive evaluations demonstrate that SOPGuard effectively enforces SOP while preserving utility and incurring only a small runtime overhead. Our code and data are available on GitHub.
Blogger's Review: This paper provides significant empirical research on the security of the Same-Origin Policy in agentic browsers by constructing benchmarks and proposing solutions. The implementation of SOPGuard offers new insights and directions for the design of secure browsers, marking an important contribution in the field of browser security.