OpenAI says Codex Chrome extension can read page text, capture screenshots and automate browser actions

OpenAI’s new Codex Chrome extension is a browser-control feature, not just a nicer web viewer. The point is simple: Codex can now use your actual Chrome session when a task depends on being logged in somewhere. (developers.openai.com) That means the agent can work inside Gmail, Salesforce, LinkedIn, or internal company tools instead of stopping at the login screen. But the tradeoff is just as simple — once an agent can see and act inside your real browser, permissions and trust become the whole story. (developers.openai.com) ### What launched here? OpenAI added “Codex for Chrome” to the Codex changelog on May 7, 2026, and published setup docs for a Chrome extension that connects the Codex app to Chrome. (developers.openai.com) OpenAI frames it as the tool to use when a task needs your signed-in browser state rather than the app’s own in-app browser. ### Why isn’t the in-app browser enough? Because the in-app browser is intentionally limited. It works for public pages, localhost previews, and verification work inside Codex, but it does not support your regular Chrome profile, cookies, extensions, existing tabs, or authentication flows. So if the job is “open Salesforce and update this account” or “check something in Gmail,” Codex needs access to the browser you already use. (developers.openai.com) ### What can the extension actually do? OpenAI says Codex can use Chrome for tasks that need to read or act on websites, and it can run those browser tasks in tab groups so work for a thread stays together. (developers.openai.com) The changelog adds an important detail: it can work in parallel across tabs in the background instead of taking over your whole browser window. Basically, this is browser automation wrapped in an approval system. ### What does Codex get to see? OpenAI’s docs say page content should be treated as untrusted context, which tells you a lot about how the system works. If Codex reads a page, that content can be processed as part of the task. (developers.openai.com) OpenAI also flags browser history as “Elevated Risk,” saying history may include sensitive telemetry, internal URLs, search terms, and activity from signed-in Chrome sessions, and relevant entries can become part of task context if you allow that access. ### How much control does the user keep? By default, Codex asks before interacting with each new website, based on the host name. (developers.openai.com) You can allow a site just for the current chat, always allow that host, or decline it. There’s also an allowlist and a blocklist in settings. The catch is that OpenAI also offers an “always allow browser content” option marked as elevated risk — and that removes the per-site confirmation step. ### Who is this really for? Mostly developers and technical teams already using Codex. OpenAI’s help docs say Codex is bundled with ChatGPT Plus, Pro, Business, and Enterprise/Edu, and plugins for business workspaces can be controlled by admins. (developers.openai.com) That matters because the obvious use cases are not casual browsing. They’re logged-in workflows — customer systems, internal dashboards, and company web apps. ### Why does this feel different from ordinary AI browsing? Because sandboxed browsing is one thing. Real-account automation is another. Once an agent can operate inside your personal or company browser state, it stops being just a research helper and starts acting more like a junior operator with temporary keys. (developers.openai.com) That is powerful — but every approval prompt now doubles as a security decision. ### Bottom line? The extension makes Codex more useful in exactly the places where previous AI browsers hit a wall — signed-in sites and real workflows. But OpenAI’s own docs make the boundary clear: anything Codex can see in Chrome can become task context, and broad permissions raise the risk fast. (help.openai.com) This is the agent era in one product — more capability, more exposure, and a much bigger burden on user judgment. (developers.openai.com)