Vibe Engineering: The Invisible Walls: Why AI Browser Agents Need More Than Extensions

Author: Dzianis Vashchuk | Site: Medium | Published: 2025-12-23T06:17:38Z

Vibe Engineering: The Invisible Walls: Why AI Browser Agents Need More Than Extensions At vibebrowser.app We hit an interesting bug recently. Our AI agent was asked to fill a form on the Chrome Web …

At vibebrowser.app We hit an interesting bug recently. Our AI agent was asked to fill a form on the Chrome Web Store developer console. The page was open, visible, loaded. But the agent started navigating away, convinced the page hadn’t loaded.The culprit? Chrome silently blocks content script injection on chrome.google.com.The Restriction Nobody Tells You AboutBrowser extensions use content scripts to read and interact with web pages. Your manifest declares <all_urls> and you expect access everywhere. Wrong.Chrome maintains a hardcoded blocklist:chrome.google.com (Web Store)accounts.google.comchrome:// pagesNo manifest permission overrides this. No enterprise policy helps. The content script simply never loads.Source: chromium/src/extensions/common/extension_urls.ccextensions/browser/api/management/management_api.cc: extension_urls::IsWebstoreDomain(source_url()));extensions/browser/api/web_request/web_request_permissions.cc: // extension_urls::IsWebstoreDomain for the last two checks here, b kChromeWebstoreBaseURL = "https://chrome.google.com/webstore" kNewChromeWebstoreBaseURL = "https://chromewebstore.google.com/"What This Means for AI AgentsAn agentic browser needs to:Read page content — to understand what’s on screenInteract with elements — clicks, typing, form fillsWork everywhere — not just on “approved” sitesExtensions fail requirement #3. When your agent encounters a restricted page, it goes blind. Our agent saw “Page Load Error” and tried to navigate — the page was right there the whole time.The Deeper ProblemExtensions operate in a sandbox. They’re guests in the browser, not owners. This means:No access to browser UI — can’t read the omnibox, bookmarks bar, or settingsNo cross-origin without CORS — restricted by web security modelNo system integration — can’t access local files, clipboard reliably, or native appsRestricted domains — Chrome, Firefox, Edge all block their own stores and sensitive pagesService worker limitations — MV3 background scripts can be killed at any timeWhat Full Agentic Control RequiresTrue browser automation needs deeper integration:Browser-level APIs — CDP (Chrome DevTools Protocol), WebDriver, or native browser modificationComponent extensions — Built into the browser binary, bypassing store restrictionsHybrid architecture — Extension for general pages + fallback mechanisms for restricted onesWe build Vibe as a component extension compiled into Chromium. This gives us privileges a store extension never gets. But even then, some pages remain opaque.The TakeawayIf you’re building an AI browser agent on pure extensions, know your limits. Document the blind spots. Handle restricted pages gracefully — tell the agent “this page is open but I can’t read it” instead of “page failed to load.”Extensions are a good start. They’re not the finish line.