This study identifies severe privacy risks in eight mainstream browser automation agents, stemming from component vulnerabilities, ineffective anti-tracking mechanisms, and unintended leakage of sensitive information during automated browsing. Method: We propose the first comprehensive privacy risk assessment framework for browser agents, evaluating five dimensions—data collection practices, tracking prevention efficacy, permission management, configuration security, and prompt robustness—across 15 rigorously defined metrics. Our empirical evaluation integrates static security auditing, dynamic behavioral analysis, and prompt-response testing across real-world websites. Contribution/Results: We uncover 30 previously undocumented privacy vulnerabilities (e.g., privacy-enhancing features disabled by default, automatic credential autofill). All findings were responsibly disclosed. To support reproducible research and evidence-based privacy governance, we will open-source our curated dataset and assessment toolkit. This work establishes a methodologically sound, empirically grounded foundation for evaluating and improving the privacy posture of browser automation agents.

This paper presents a systematic evaluation of the privacy behaviors and attributes of eight recent, popular browser agents. Browser agents are software that automate Web browsing using large language models and ancillary tooling. However, the automated capabilities that make browser agents powerful also make them high-risk points of failure. Both the kinds of tasks browser agents are designed to execute, along with the kinds of information browser agents are entrusted with to fulfill those tasks, mean that vulnerabilities in these tools can result in enormous privacy harm. This work presents a framework of five broad factors (totaling 15 distinct measurements) to measure the privacy risks in browser agents. Our framework assesses i. vulnerabilities in the browser agent's components, ii. how the browser agent protects against website behaviors, iii. whether the browser agent prevents cross-site tracking, iv. how the agent responds to privacy-affecting prompts, and v. whether the tool leaks personal information to sites. We apply our framework to eight browser agents and identify 30 vulnerabilities, ranging from disabled browser privacy features to "autocompleting" sensitive personal information in form fields. We have responsibly disclosed our findings, and plan to release our dataset and other artifacts.