OpenAI brings Codex into Chrome

Browser access is the big change here. Codex already knew how to write code, inspect repos, and run work in cloud sandboxes. But a lot of real work doesn’t happen in a repo — it happens inside Gmail, Salesforce, dashboards, admin panels, and internal tools behind login screens. OpenAI’s new Chrome extension is the bridge. It lets Codex operate inside your actual signed-in browser state instead of a sealed-off test environment. ### What actually shipped? OpenAI added a Chrome extension for Codex on May 7, 2026. It works with the Codex app on macOS and Windows, and it’s meant for tasks where the agent needs the browser context you already have — your sessions, tabs, and access to web apps that don’t expose clean APIs. OpenAI’s docs use examples like LinkedIn, Salesforce, Gmail, and internal tools. ### Why wasn’t the old setup enough? (developers.openai.com) Before this, Codex had two main lanes. One was the cloud sandbox for code tasks. The other was an in-app browser for safer work on localhost, file-backed previews, and public pages. That covered testing and development pretty well, but it broke down when the task depended on your real browser identity — the exact cookies, tabs, and permissions in your Chrome profile. The extension fills that gap. (developers.openai.com) ### What can Codex do in Chrome? Basically, it can move through browser workflows the way a human operator would. OpenAI says it can research, update records, review dashboards, fill forms, and handle multi-step flows across logged-in tools and external sites. It runs work in task-specific tab groups, so the agent can gather context across tabs without hijacking the tab you’re actively using. OpenAI also says it can work in parallel across tabs in the background. (developers.openai.com) ### How much control does the user keep? More than the headline implies — but the risk is still real. By default, Codex asks before it interacts with each new website, and those approvals are scoped by host. You can allow a site once, always allow it, or block it. There’s also an allowlist and a blocklist in settings. OpenAI flags broader settings like “always allow browser content” and browser-history access as elevated risk, which is a pretty direct signal that the company knows this is sensitive territory. (chromewebstore.google.com) ### Why do signed-in sessions matter so much? Because signed-in state is where the useful work lives. An agent in a sandbox can draft code or simulate clicks. An agent in your logged-in browser can update a CRM record, inspect a real dashboard, or navigate an internal admin tool exactly as you would. That’s a huge jump in capability. It also means the browser stops being just a display layer and becomes a permission surface. Whoever governs browser access now governs a lot of the agent’s real-world power. (developers.openai.com) ### What does OpenAI say about safety? The company is leaning hard on bounded execution, approvals, and telemetry. In a separate May 8 post, OpenAI described the way it runs Codex internally: managed configuration, constrained execution, network policies, and logs designed to show what the agent did. That matters because once agents start acting across tools, the hard question stops being “can it do the task?” and becomes “who approved this, what did it touch, and can we reconstruct the path afterward?” (developers.openai.com) ### Who gets this now? The extension is live in the Chrome Web Store and available through the Codex app. OpenAI’s rollout appears to cover macOS and Windows, with support still coming for the EU and UK. That regional lag is worth noticing — browser agents that touch authenticated sessions run straight into privacy, compliance, and platform-policy questions. (openai.com) ### So what changed, really? Codex crossed from “tool that helps you work” into “agent that can do parts of the work where your organization already lives.” That sounds subtle, but it’s the whole game. Once an AI can act inside the browser, the browser becomes the operating system for agentic work — and the hard problems move from prompting and model quality to permissions, review, logging, and ownership of mistakes. (chromewebstore.google.com) The bottom line is simple. OpenAI didn’t just add a convenience feature. It moved Codex into the place where modern software work actually happens — the logged-in browser — and that makes the product more useful and a lot more consequential. (developers.openai.com)