chrome-use
Warn
Audited by Socket on Jun 23, 2026
1 alert found:
AnomalyAnomalyscripts/proxy.ts
LOWAnomalyLOW
scripts/proxy.ts
This code is best characterized as an unauthenticated local CDP bridge: it accepts arbitrary JSON messages from any local client that can reach the UNIX socket and forwards method/params directly to Chrome via cdp!.send, including an unauthenticated '__stop' remote shutdown. While it does not itself show network exfiltration or overt malicious payload behavior, the design creates a significant security risk in environments where the socket file permissions or placement are not tightly controlled, since it effectively grants whoever can connect powerful control over the browser/Chrome debugging interface.
Confidence: 72%Severity: 66%
Audit Metadata