[rainforest]

Could you go into a bit more detail about this? Why is exposing devtools to the agent a problem? What's the attack vector? That the agent might do something malicious to exfil saved passwords?

[arjunchint]

Forget the agent, browser-use's published setup instructions to use with your own Chrome profile and passwords [https://docs.browser-use.com/customize/real-browser, https://github.com/browser-use/browser-use/blob/495714e2dd38...] launches a Chrome session with Remote Debugging enabled.

These tools they are guiding users to setup and execute are "inherently insecure" [https://issues.chromium.org/issues/40056642].

So if you go to a site that can take advantage of these loopholes then your browser is likely to be compromised and could escalate from their.

[rainforest]

Thanks, for the benefit of others the risk is that the devtools port has no Auth so is vulnerable to XSS.

I would surmise that this will stop being a problem if you switch to using a unix socket for the CDP.