Gemini CLI: Browser Agent Gets Persistent Sessions and Dynamic Tool Discovery
Gemini CLIGemini CLI v0.37.0 delivers the most substantial upgrade yet to its Browser Agent, adding persistent Chrome session management, dynamic read-only tool discovery, and improved security guardrails. The browser agent can now maintain live browser state β including cookies and authentication β across page navigations and task boundaries, while stale page snapshots are automatically superseded to reclaim context-window tokens. Domain restriction enforcement is also tightened with embedded URL detection and immediate termination on violations.
Sources & Mentions
5 external resources covering this update
Getting Started with Gemini Browser Use β Installation and Demo Tutorial
Youtube
Release v0.37.0 Β· google-gemini/gemini-cli
GitHub
Automate UI Testing with Gemini CLI, BrowserMCP and Playwright
Google Codelabs
Creating an Automated UI Test of Your Web App in Seconds, with Gemini CLI and BrowserMCP
Medium
Gemini can automate any task in your browser
Gemini CLI Browser Agent Matures with Persistent Sessions in v0.37.0
The Browser Agent in Gemini CLI, introduced as an experimental subagent in v0.31.0, receives its most substantial upgrade in v0.37.0 (April 8, 2026). The release adds persistent browser session management, dynamic tool discovery, sandbox-aware initialization, and improved security controls β moving the browser agent significantly closer to production-grade web automation capability.
Persistent Browser Sessions
The most impactful change is persistent session management. Previously, browser agent invocations could lose context between navigations or across task boundaries. In v0.37.0, the browser agent maintains a persistent Chrome profile stored at ~/.gemini/cli-browser-profile/, preserving cookies, authentication state, and browsing history across the full agent session.
This means a browser agent task that requires logging into a service, navigating multiple pages, and extracting information no longer needs to re-authenticate at each step. The agent retains state throughout the task lifecycle, making it practical for real-world web automation workflows that span multiple interactions.
Input Blocker Persistence
Input blocker state now persists across page navigations. This prevents the agent from inadvertently interacting with a page during transitions β a common reliability issue in browser automation where premature input triggers cause incorrect actions or failed form submissions.
Dynamic Tool Discovery
The browser agent now dynamically discovers read-only tools based on the current page and context, rather than exposing a fixed set of capabilities. The agent adapts its available actions to what is actually useful on the current page β surfacing navigation and extraction tools when relevant, and suppressing actions that would have no effect in the current browser state.
An action counter that resets per agent session (while ignoring internal housekeeping actions) also improves the reliability of maxActionsPerTask enforcement, giving developers more predictable control over how much the agent can act autonomously before requiring human review.
Stale Snapshot Supersession
A significant context-window efficiency improvement: stale page snapshots are now superseded automatically. When the browser agent captures a new snapshot of a page, older snapshots from the same page are removed from the context window. This prevents the token budget from filling up with redundant copies of partially loaded or transitioning pages β a common problem in long-running web automation sessions.
Security and Domain Restrictions
v0.37.0 strengthens the browser agent's domain restriction system in two meaningful ways.
Embedded URL detection in query parameters: The agent now detects URLs embedded within query parameters (e.g., redirect parameters) and validates them against the allowedDomains list. This closes a bypass where malicious page content could redirect the agent to an unauthorized domain through a redirect query string.
Immediate termination on violations: If the agent detects a domain restriction violation or encounters a "browser is already running" error, it now terminates immediately rather than attempting to continue β preventing cascading failures from a compromised state. A proxy bypass constraint has also been added to the domain restriction system prompt, ensuring the agent does not route around configured domain restrictions via proxy mechanisms.
Race Condition Fix
A previously reported race condition between the browser agent and the main Gemini CLI process during shutdown has been resolved. This fix improves stability in automated pipelines where the CLI exits after a task completes, preventing intermittent crashes that were difficult to reproduce in controlled environments.
Why It Matters
The combination of persistent sessions, dynamic capability discovery, and improved security guardrails makes Gemini CLI's browser agent a credible option for terminal-based web automation β from UI testing to data extraction and multi-step form workflows. For developers already using Gemini CLI for coding tasks, these improvements mean the browser agent can now be incorporated into the same agentic workflow without requiring a separate browser automation framework.