mcp-chrome
Verified Safeby hangwin
Overview
Transforms the Chrome browser into an AI-controlled automation tool, enabling large language models to interact with web pages, analyze content, and manage browser functions.
Installation
npx node $(npm root -g)/mcp-chrome-bridge/dist/mcp/mcp-server-stdio.jsEnvironment Variables
- CHROME_MCP_NODE_PATH
- VOLTA_HOME
- ASDF_DATA_DIR
- FNM_DIR
- NVM_DIR
- ANTHROPIC_BASE_URL
- ANTHROPIC_AUTH_TOKEN
- CLAUDE_DEFAULT_MODEL
- CHROME_MCP_AGENT_DATA_DIR
- CHROME_MCP_AGENT_DB_FILE
- CHROME_MCP_PORT
- MCP_HTTP_PORT
Security Notes
The core functionality involves executing AI-generated or user-provided JavaScript code within the browser (via chrome.scripting.executeScript and `new Function`) and manipulating DOM/network. This inherently carries security risks, as it allows arbitrary code execution and browser control. The `FileHandler` can download files from URLs, which could pose an SSRF risk if the input URL is controlled by a malicious agent, although it generates new filenames and restricts cleanup to a temporary directory. The system offers system-level installation of its native messaging host, requiring administrator/sudo privileges, which is a common but significant permission grant. No obvious hardcoded sensitive secrets were found. The security model relies heavily on the trustworthiness of the AI agent and the inputs it processes, rather than a sandboxed execution environment.
Similar Servers
hyper-mcp
A fast, secure Model Context Protocol (MCP) server that extends its capabilities through WebAssembly plugins, enabling AI agents to access tools, resources, and prompts.
mcp
This server provides Hyperbrowser's Model Context Protocol (MCP) interface, offering tools for web scraping, structured data extraction, crawling, and general-purpose browser automation using AI agents like OpenAI's CUA and Anthropic's Claude Computer Use.
AgentBoard
Integrates AI agents with browser capabilities, enabling interaction with web pages and external Model Context Protocol (MCP) servers through a suite of specialized tools for tasks like content extraction and web automation.
blueprint-mcp
Enable AI assistants and coding agents to control and automate real web browsers (Chrome, Firefox, Opera) through a browser extension, maintaining logged-in sessions and avoiding bot detection.