diff --git a/browse/src/cdp-allowlist.ts b/browse/src/cdp-allowlist.ts
old mode 100644
new mode 100755
index b9c3a9538e..3ecb4795cd
--- a/browse/src/cdp-allowlist.ts
+++ b/browse/src/cdp-allowlist.ts
@@ -155,6 +155,25 @@ export const CDP_ALLOWLIST: ReadonlyArray<CdpAllowEntry> = Object.freeze([
     output: 'trusted',
     justification: 'UA override on the active tab. NOTE: changes affect future requests; fine for tests.',
   },
+  {
+    domain: 'Emulation',
+    method: 'setGeolocationOverride',
+    scope: 'tab',
+    output: 'trusted',
+    justification: 'Geolocation override on the active tab. Same threat profile as setDeviceMetricsOverride: pure input, no data exfiltration. Enables GPS testing.',
+  },
+  {
+    domain: 'Emulation',
+    method: 'clearGeolocationOverride',
+    scope: 'tab',
+    output: 'trusted',
+    justification: 'Clear geolocation override. Mirrors clearDeviceMetricsOverride for cleanup symmetry.',
+  },
+  // NOTE: Browser.grantPermissions is intentionally NOT added here. It is a
+  // browser-scope CDP method that cannot be forwarded through the page-level
+  // CDPSession that the browse bridge uses. Geolocation testing requires either
+  // a Playwright script (which grants permissions at context creation) or a
+  // future browser-scope CDP routing path in the bridge.
   // ─── Page capture (output, not navigation) ─────────────────
   {
     domain: 'Page',