Multi-Tier Browser Strategy for Agent Tasks
Codex handles browser tasks across three tiers, chosen by what the task needs: dedicated plugins for services like GitHub, Slack, Figma, and Notion; the new Chrome extension for signed-in sites requiring real browser state (e.g., LinkedIn, Salesforce, Gmail, internal tools); and the in-app sandboxed browser for localhost, local dev servers, file previews, or public pages. The agent automatically picks the right tier. Chrome actions occur in isolated tab groups, which prevents interference with your main browsing and allows parallel use of DevTools or tab context collection. This setup streamlines workflows previously blocked by API gaps, enabling web app testing and context gathering from open tabs without disrupting your session.
Prompt-Driven Chrome Invocation
Invoke the Chrome extension directly in prompts with @Chrome, for example "@Chrome open Salesforce and update the account from these call notes". If Chrome is closed, Codex opens it. Combine it with existing tools for hybrid tasks, such as pulling data from a signed-in CRM and then processing it locally. The extension is available on macOS and Windows (not in the EU/UK). Installation involves five steps to link Codex to your browser profile, detailed in the docs.
Permissions and Security Trade-offs
The extension demands broad permissions (history, bookmarks, page data) so that the agent can control the browser. These are balanced by per-site confirmations, allow/block lists, and manual session approvals for sensitive features. Risks include prompt injection from malicious sites; mitigate this by disabling Memories, which isolates sessions and prevents cross-contamination. OpenAI stores browser data only when it is explicitly added to chat context via screenshots or summaries, prioritizing privacy. Developers gain production-ready access to authenticated web flows but must weigh isolation needs against convenience.