Chrome MCP Server (Security Hardened)
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Chrome MCP Server (Security Hardened)access the corporate portal and take a screenshot of the dashboard"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Chrome MCP Server (Security Hardened)
Enterprise-grade Chrome automation for AI agents with compliance-ready logging
Enterprise Features • Compliance Logging • Security Features • Quick Start • Docker Deploy
Enterprise Ready
Built for corporate environments where security, compliance, and auditability are non-negotiable.
Requirement | Solution |
Audit Trails | Hash-chained audit logs with tamper detection |
SIEM Integration | CEF (Splunk, ArcSight, QRadar) + Syslog (RFC 5424) |
Credential Security | Post-quantum encryption (ML-KEM-768 + ChaCha20-Poly1305) |
Data Protection | Auto-redaction of PII in screenshots and logs |
Session Control | Configurable timeouts, auto-expiry, inactivity lockout |
Access Control | Token-based authentication with brute-force protection |
Compliance Logging | OWASP-compliant event categories, correlation IDs |
Compliance Standards Support
Standard | Coverage |
SOC 2 Type II | Audit logging, access controls, encryption at rest |
GDPR | Data minimization, right to erasure, audit trails |
PCI DSS | Credential protection, access logging, encryption |
HIPAA | Audit controls, access management, encryption |
Compliance Logging
SIEM-ready logging in industry-standard formats. Every tool execution, credential access, and security event is logged.
Output Formats
Format | Use Case | Example |
CEF | Splunk, ArcSight, QRadar |
|
Syslog | Centralized logging (RFC 5424) |
|
JSONL | Elastic, custom pipelines |
|
Event Categories (OWASP-Compliant)
authentication- Login attempts, session creationauthorization- Access control decisionscredential- Vault operations (store, retrieve, delete)audit- Tool executions with timingsecurity- Rate limits, injection attempts, anomaliesdata_access- Sensitive data retrieval
Quick Configuration
# Enable CEF logging for Splunk
COMPLIANCE_LOG_FORMAT=cef
COMPLIANCE_LOG_DIR=./logs/compliance
# Forward to remote syslog
SYSLOG_HOST=siem.company.com
SYSLOG_PORT=514Example CEF Output
CEF:0|Pantheon-Security|Chrome-MCP-Secure|2.3.0|audit:tool:navigate|tool:navigate|3|rt=1702732800000 outcome=success msg=Tool navigate executed: success request=https://internal.company.com cn1=1702732800-abc123 cn1Label=correlationIdSecurity-hardened fork of lxe/chrome-mcp Maintained by Pantheon Security
Real-World Results
"We used this MCP for hours building out our security dashboard - the reliability was incredible. The amount of work we produced was huge compared to manual browser interaction." — Pantheon Security team
Production Tested
Metric | Result |
Session Duration | 4+ hours continuous use |
Stability | Zero crashes or disconnects |
Credential Security | All logins encrypted, auto-wiped |
Productivity Gain | 10x faster than manual browser work |
This isn't just a security enhancement - it's a reliable workhorse for AI-assisted browser automation. When you need Claude to interact with web apps for extended sessions, this MCP delivers.
Security Features
Core Security (v2.1.0)
Feature | Description |
Post-Quantum Encryption | ML-KEM-768 + ChaCha20-Poly1305 hybrid |
Secure Credential Vault | Encrypted at rest, auto-wiped from memory |
Memory Scrubbing | Zeros sensitive data after use |
Audit Logging | Tamper-evident logs with hash chains |
Profile Isolation | Dedicated Chrome profile for secure sessions |
Log Sanitization | Credentials masked in all output |
Rate Limiting | 100 requests per minute per operation |
Input Validation | CSS selector sanitization, URL validation |
Advanced Security Modules (v2.2.0+)
Module | Description |
Secrets Scanner | Detects 25+ credential patterns (AWS, GitHub, Slack, OpenAI keys, private keys, JWTs, credit cards, SSNs) |
Response Validator | Prompt injection detection (15 patterns), suspicious URL blocking, encoded payload detection |
Session Manager | Credential session lifecycle with 8h max lifetime and 30min inactivity timeout |
MCP Authentication | Token-based auth with auto-generation, SHA256 hashing, brute-force lockout |
Certificate Pinning | SPKI-style pinning for Google, GitHub, Microsoft, Anthropic, OpenAI domains |
Screenshot Redaction | Auto-redacts password fields, credit cards, CVV, SSN, API keys in screenshots |
Cross-Platform Permissions | Secure file permissions on Linux, macOS, and Windows (icacls) |
Post-Quantum Ready
Traditional encryption will be broken by quantum computers. This fork uses hybrid encryption:
ML-KEM-768 (Kyber) + ChaCha20-Poly1305ML-KEM-768: NIST-standardized post-quantum key encapsulation
ChaCha20-Poly1305: Modern stream cipher (immune to timing attacks)
Even if one algorithm is broken, the other remains secure.
Why Post-Quantum Now?
Timeline | Threat |
2024-2030 | "Harvest now, decrypt later" attacks - adversaries collecting encrypted data today |
2030-2035 | Early cryptographically-relevant quantum computers expected |
2035+ | Current RSA/ECC encryption potentially broken |
Your browser credentials stored today could be decrypted in 10 years. This fork protects against that future threat now.
Docker Deployment
Recommended for production environments.
# Clone and start
git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
cd chrome-mcp-secure
docker-compose up -dProduction Configuration
# Copy example config
cp env.example .env
# Edit for your environment
vim .env
# Start with custom config
docker-compose up -dKey Environment Variables
# SIEM Integration
COMPLIANCE_LOG_FORMAT=cef # cef, syslog, jsonl, json
SYSLOG_HOST=siem.company.com # Remote syslog server
SYSLOG_PORT=514
# Encryption (REQUIRED for production)
CHROME_MCP_ENCRYPTION_KEY=$(openssl rand -base64 32)
# Session Security
CHROME_MCP_SESSION_MAX_LIFETIME=28800000 # 8 hours
CHROME_MCP_SESSION_INACTIVITY=1800000 # 30 minutesLog Collection
Logs are written to ./logs/compliance/ in your chosen format:
# View compliance logs
tail -f logs/compliance/compliance-2025-12-16.cef
# Forward to Splunk via syslog
docker-compose logs chrome-mcp | nc -u siem.company.com 514See env.example for all configuration options.
Installation
One-Command Setup (Recommended)
Linux / macOS:
git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
cd chrome-mcp-secure
./setup.shWindows (PowerShell):
git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
cd chrome-mcp-secure
.\setup.ps1This will:
Install dependencies and build the project
Register the MCP server with Claude Code
Start Chrome with remote debugging
Create an isolated Chrome profile
Manual Setup
npm install && npm run build
claude mcp add chrome-mcp-secure --scope user -- node /path/to/chrome-mcp-secure/dist/index.js
google-chrome --remote-debugging-port=9222 --user-data-dir=~/.chrome-mcp-profilePlatform-Specific Notes
Platform | Setup Script | Chrome Profile Location |
Linux |
|
|
macOS |
|
|
Windows |
|
|
Quick Start
1. Start Chrome with debugging
./setup.sh --start-chrome2. Use in Claude Code
"Check Chrome connection with health tool"
"Navigate to https://example.com"
"Take a screenshot"3. Secure Login Flow
"Store a credential for my GitHub account"
"Navigate to github.com/login"
"Use secure_login with the stored credential"Available Tools
Browser Automation (15 tools)
Tool | Description |
| Check Chrome connection and version |
| Navigate to URL |
| List all Chrome tabs |
| Click element by CSS selector |
| Click at coordinates |
| Type text at cursor |
| Extract text from element |
| Get URL, title, interactive elements |
| Get scroll position, viewport size |
| Scroll to coordinates |
| Capture page screenshot |
| Wait for element to appear |
| Execute JavaScript |
| Fill form field |
| Navigate with HTTPS cert bypass |
Secure Credential Tools (7 tools)
Tool | Description |
| Store encrypted login credentials |
| List stored credentials (no passwords shown) |
| Get credential metadata |
| Remove a stored credential |
| Update an existing credential |
| Auto-fill login forms using stored credentials |
| Check vault encryption status |
Secure Credential Usage
Storing Credentials
Store a credential for my Google account:
- Name: "Google Work"
- Type: google
- Email: me@example.com
- Password: mypassword123
- Domain: google.comUsing Credentials for Login
1. Navigate to https://accounts.google.com
2. Use secure_login with the credential ID from list_credentialsThe secure_login tool will:
Retrieve and decrypt the credential from the vault
Auto-fill the username/email field
Auto-fill the password field
Click the submit button
Wipe credentials from memory after use
What Gets Protected
Data | Protection |
Login credentials | Post-quantum encrypted at rest |
Passwords in memory | Auto-wiped after 5 min TTL |
Log output | Credentials auto-masked |
Chrome profile | Isolated from default browser |
Audit trail | Hash-chained for tamper detection |
Configuration
Environment Variables
# Chrome connection
CHROME_HOST=localhost
CHROME_PORT=9222
CHROME_PROFILE_DIR=~/.chrome-mcp-profile
# Encryption (recommended for production)
CHROME_MCP_ENCRYPTION_KEY=<base64-32-bytes>
CHROME_MCP_USE_POST_QUANTUM=true
# Credential vault
CHROME_MCP_CONFIG_DIR=~/.chrome-mcp
CHROME_MCP_CREDENTIAL_TTL=300000 # 5 minutes
# Logging
LOG_LEVEL=info
AUDIT_LOGGING=trueGenerate Strong Encryption Key
openssl rand -base64 32See SECURITY.md for complete configuration reference.
Security Architecture
Encryption
┌─────────────────────────────────────┐
│ ML-KEM-768 Key Pair │
│ (Post-Quantum Key Encapsulation) │
└─────────────────┬───────────────────┘
│
┌─────────────────┴───────────────────┐
│ ChaCha20-Poly1305 │
│ (Symmetric AEAD Encryption) │
└─────────────────┬───────────────────┘
│
┌─────────────────┴───────────────────┐
│ Encrypted Credential Files │
│ ~/.chrome-mcp/credentials/*.pqenc │
└─────────────────────────────────────┘Memory Protection
SecureCredential class: Auto-wipes credentials after TTL (5 min default)
Zero-fill buffers: Random overwrite + zero fill prevents memory dumps
No credential logging: Automatic masking of sensitive field names
Why ChaCha20-Poly1305 over AES-GCM?
Property | ChaCha20-Poly1305 | AES-GCM |
Timing attacks | Immune (constant-time) | Vulnerable without AES-NI |
Software speed | Fast everywhere | Slow without hardware |
Complexity | Simple | Complex (GCM mode) |
Adoption | Google, Cloudflare TLS | Legacy systems |
Management Commands
# Full setup
./setup.sh
# Check status
./setup.sh --check
# Uninstall from Claude Code
./setup.sh --uninstall
# Start/stop Chrome
./setup.sh --start-chrome
./setup.sh --stop-chromeArchitecture
┌─────────────┐ ┌──────────────────┐ ┌─────────────┐
│ Claude/ │────▶│ MCP Server │────▶│ Chrome │
│ AI Agent │ │ (This Fork) │ │ (CDP) │
└─────────────┘ └──────────────────┘ └─────────────┘
│
┌──────┴──────┐
│ Security │
│ Layers │
└─────────────┘
• PQ Encryption
• Credential Vault
• Memory Wipe
• Audit Logs
• Rate Limits
• Input ValidationFile Structure
chrome-mcp-secure/
├── src/
│ ├── index.ts # MCP server entry point
│ ├── cdp-client.ts # Persistent CDP WebSocket client
│ ├── tools.ts # Browser automation tools
│ │
│ │── # Core Security (v2.1.0)
│ ├── credential-vault.ts # Encrypted credential storage
│ ├── credential-tools.ts # Credential MCP tools
│ ├── crypto.ts # Post-quantum encryption (ML-KEM-768 + ChaCha20)
│ ├── secure-memory.ts # Memory protection utilities
│ ├── security.ts # Input validation, rate limiting
│ ├── logger.ts # Logging with auto-masking
│ ├── errors.ts # Typed error classes
│ │
│ │── # Advanced Security Modules (v2.2.0+)
│ ├── secrets-scanner.ts # Credential leak detection (25+ patterns)
│ ├── response-validator.ts # Prompt injection detection
│ ├── session-manager.ts # Session lifecycle management
│ ├── mcp-auth.ts # Token-based MCP authentication
│ ├── cert-pinning.ts # Certificate pinning for sensitive domains
│ ├── screenshot-redaction.ts # Auto-redact sensitive fields
│ └── file-permissions.ts # Cross-platform secure file permissions
│
├── dist/ # Compiled JavaScript
├── setup.sh # Linux/macOS setup
├── setup.ps1 # Windows setup
├── SECURITY.md # Security documentation
├── CHANGELOG.md # Version history
├── CLAUDE.md # Claude Code integration guide
└── README.mdComparison with Original
Feature | This Fork | |
Chrome automation | ✅ | ✅ |
Persistent WebSocket | ✅ | ✅ |
Cross-platform | ✅ | ✅ |
Post-quantum encryption | ❌ | ✅ |
Secure credential vault | ❌ | ✅ |
Memory scrubbing | ❌ | ✅ |
Audit logging | ❌ | ✅ |
Auto log masking | ❌ | ✅ |
Profile isolation | ❌ | ✅ |
Secrets scanner | ❌ | ✅ |
Prompt injection detection | ❌ | ✅ |
Session management | ❌ | ✅ |
MCP authentication | ❌ | ✅ |
Certificate pinning | ❌ | ✅ |
Screenshot redaction | ❌ | ✅ |
What's New in v2.2.x
v2.2.1 - Cross-Platform File Permissions
All file operations use centralized
file-permissions.tsProper Windows ACL support via
icaclsConsistent 0o700/0o600 permissions on Unix
v2.2.0 - Advanced Security Modules
Six new security modules totaling 3,000+ lines of security hardening:
Secrets Scanner - Detects leaked credentials in page content using patterns from TruffleHog, GitLeaks, and MEDUSA
Response Validator - Blocks prompt injection attacks in scraped content
Session Manager - Auto-expires credential sessions after configurable timeouts
MCP Authentication - Protects the MCP server itself with token-based auth
Certificate Pinning - Validates TLS certificates for sensitive domains
Screenshot Redaction - Overlays sensitive fields before screenshots
See CHANGELOG.md for full version history.
Troubleshooting
Chrome not accessible
curl http://localhost:9222/json
# If no response, start Chrome:
./setup.sh --start-chromeCredential decryption fails
Check if you changed machines (machine-derived key won't work)
Set
CHROME_MCP_ENCRYPTION_KEYto the same key used to encryptCredentials may need to be re-stored if key is lost
Element not found
Use get_page_info to see available elements
Use wait_for_element for dynamic contentDevelopment
# Install dependencies
npm install
# Development mode (auto-reload)
npm run dev
# Type checking
npm run typecheck
# Build for production
npm run build
# Run built version
npm startReporting Vulnerabilities
Found a security issue? Do not open a public GitHub issue.
Email: support@pantheonsecurity.io
Credits
Original Chrome MCP: lxe - chrome-mcp
Security Hardening: Pantheon Security
Security Patterns: Adapted from notebooklm-mcp-secure
Post-Quantum Crypto: @noble/post-quantum
License
MIT - Same as original.
Security hardened by Pantheon Security
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Pantheon-Security/chrome-mcp-secure'
If you have feedback or need assistance with the MCP directory API, please join our Discord server