Enterprise-grade Chrome Automation MCP Server with Security Audit & Encryption

Chrome MCP Secure

This is an enterprise-level security-hardened Chrome automation MCP server that provides compliance audit logs, post-quantum encryption, secure credential storage, and session management. It is designed for enterprise environments that require high security and compliance.

Browser automation Security #Browser Automation #Enterprise Security #Compliance Audit #Credential Management .TypeScript

rating : 2 points

downloads : 5.1K

update time : 2025-12-29

Open Site

What is Chrome MCP Server?

This is a Chrome browser automation tool specifically designed for AI assistants (such as Claude). It allows AI assistants to control the Chrome browser through a secure interface, performing operations such as navigation, clicking, filling out forms, and taking screenshots, while ensuring that all sensitive information (such as login credentials) is encrypted and protected.

How to use Chrome MCP Server?

You only need to start the Chrome browser and enable the remote debugging function, then configure the AI assistant (such as Claude Code) to connect to this MCP server. The AI assistant can then control the browser through natural language instructions, such as 'Open a website', 'Log in to my account', 'Fill out a form', etc.

Applicable scenarios

Suitable for scenarios where AI assistants are needed to assist with web operations, such as automated testing, data collection, web content analysis, automation of repetitive web tasks, security audits, etc. It is particularly suitable for automated tasks that require security and audit tracking in an enterprise environment.

Main Features

Browser Automation

Supports 15 browser operation tools, including navigation, clicking, screenshotting, scrolling, form filling, etc., allowing AI assistants to fully control the Chrome browser.

Secure Credential Vault

Uses post-quantum encryption technology (ML-KEM-768 + ChaCha20-Poly1305) to store login credentials. Credentials are automatically erased from memory to prevent leakage.

Compliance Audit Logs

Generates audit logs that comply with standards such as SOC2 and GDPR, supporting formats such as CEF and Syslog, facilitating integration with SIEM systems and meeting enterprise compliance requirements.

Sensitive Information Scanner

Automatically detects sensitive information leakage on pages, including more than 25 patterns such as API keys, passwords, and credit card numbers, preventing accidental leakage.

Session Management

Automatically manages browser sessions, supporting a maximum session of 8 hours and a 30-minute inactivity timeout to ensure session security.

Screenshot Redaction

Automatically masks sensitive fields (passwords, credit card numbers, CVV, etc.) before taking a screenshot to protect privacy information.

Advantages

Enterprise-level security: Post-quantum encryption, memory erasure, audit logs

Highly reliable: Tested for a long time, supporting continuous use for more than 4 hours

Productivity improvement: 10 times more efficient than manual operation

Compliance-ready: Supports standards such as SOC2, GDPR, and PCI DSS

Easy to integrate: Supports Docker deployment and is compatible with existing SIEM systems

Limitations

Requires Chrome browser to support remote debugging

Enterprise-level features require certain technical knowledge for configuration

Extra attention is needed for encryption key management (credentials cannot be recovered if the key is lost)

Some websites may detect and block automated operations

How to Use

Installation and Setup

Clone the repository and run the installation script. The script will automatically install dependencies and configure Claude Code for connection.

Start Chrome Browser

Start the Chrome browser and enable the remote debugging function, using a dedicated profile to ensure isolation.

Use in Claude Code

Use natural language instructions directly in Claude Code to control the browser, such as 'Check Chrome connection' and 'Navigate to a website'.

Store and Use Credentials

Securely store login credentials, and then let the AI assistant automatically log in to websites.

Usage Examples

Automated Website Login

Let the AI assistant automatically log in to websites that require authentication, such as GitHub and Google.

Web Data Collection

Collect data from multiple web pages and organize it into a structured format.

Form Automation Filling

Automatically fill out complex web forms, such as contact forms and registration forms.

Website Screenshot and Report

Take screenshots of a website and generate a visual report.

Frequently Asked Questions

Is this tool secure? Will my login credentials be leaked?

Do I need programming knowledge to use it?

What browser operations are supported?

What if the encryption key is lost?

Will this tool be detected as a robot by websites?

How can I view operation logs and audit records?

Related Resources

GitHub Repository

Source code and latest version

Security Documentation

Detailed security architecture and configuration guide

Change Log

Version update history and new feature descriptions

Original Project

The original version of this project (without security enhancements)

Model Context Protocol

Official documentation of the MCP protocol

🚀 Chrome MCP Server (Security Hardened)

Enterprise-grade Chrome automation for AI agents with compliance-ready logging

This project offers enterprise - level Chrome automation for AI agents, featuring logging that meets compliance requirements. It's designed to ensure security, compliance, and auditability in corporate environments.

Enterprise Features • Compliance Logging • Security Features • Quick Start • Docker Deploy

🚀 Quick Start

1. Start Chrome with debugging

./setup.sh --start-chrome

2. Use in Claude Code

"Check Chrome connection with health tool"
"Navigate to https://example.com"
"Take a screenshot"

3. Secure Login Flow

"Store a credential for my GitHub account"
"Navigate to github.com/login"
"Use secure_login with the stored credential"

✨ Features

Enterprise Ready

Built for corporate environments where security, compliance, and auditability are non - negotiable.

Requirement	Solution
Audit Trails	Hash - chained audit logs with tamper detection
SIEM Integration	CEF (Splunk, ArcSight, QRadar) + Syslog (RFC 5424)
Credential Security	Post - quantum encryption (ML - KEM - 768 + ChaCha20 - Poly1305)
Data Protection	Auto - redaction of PII in screenshots and logs
Session Control	Configurable timeouts, auto - expiry, inactivity lockout
Access Control	Token - based authentication with brute - force protection
Compliance Logging	OWASP - compliant event categories, correlation IDs

Compliance Standards Support

Standard	Coverage
SOC 2 Type II	Audit logging, access controls, encryption at rest
GDPR	Data minimization, right to erasure, audit trails
PCI DSS	Credential protection, access logging, encryption
HIPAA	Audit controls, access management, encryption

Real - World Results

"We used this MCP for hours building out our security dashboard - the reliability was incredible. The amount of work we produced was huge compared to manual browser interaction." — Pantheon Security team

Production Tested

Metric	Result
Session Duration	4+ hours continuous use
Stability	Zero crashes or disconnects
Credential Security	All logins encrypted, auto - wiped
Productivity Gain	10x faster than manual browser work

This isn't just a security enhancement - it's a reliable workhorse for AI - assisted browser automation. When you need Claude to interact with web apps for extended sessions, this MCP delivers.

Available Tools

Browser Automation (15 tools)

Tool	Description
`health`	Check Chrome connection and version
`navigate`	Navigate to URL
`get_tabs`	List all Chrome tabs
`click_element`	Click element by CSS selector
`click`	Click at coordinates
`type`	Type text at cursor
`get_text`	Extract text from element
`get_page_info`	Get URL, title, interactive elements
`get_page_state`	Get scroll position, viewport size
`scroll`	Scroll to coordinates
`screenshot`	Capture page screenshot
`wait_for_element`	Wait for element to appear
`evaluate`	Execute JavaScript
`fill`	Fill form field
`bypass_cert_and_navigate`	Navigate with HTTPS cert bypass

Secure Credential Tools (7 tools)

Tool	Description
`store_credential`	Store encrypted login credentials
`list_credentials`	List stored credentials (no passwords shown)
`get_credential`	Get credential metadata
`delete_credential`	Remove a stored credential
`update_credential`	Update an existing credential
`secure_login`	Auto - fill login forms using stored credentials
`get_vault_status`	Check vault encryption status

📦 Installation

One - Command Setup (Recommended)

Linux / macOS:

git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
cd chrome-mcp-secure
./setup.sh

Windows (PowerShell):

git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
cd chrome-mcp-secure
.\setup.ps1

This will:

Install dependencies and build the project
Register the MCP server with Claude Code
Start Chrome with remote debugging
Create an isolated Chrome profile

Manual Setup

npm install && npm run build
claude mcp add chrome-mcp-secure --scope user -- node /path/to/chrome-mcp-secure/dist/index.js
google-chrome --remote-debugging-port=9222 --user-data-dir=~/.chrome-mcp-profile

Platform - Specific Notes

Platform	Setup Script	Chrome Profile Location
Linux	`./setup.sh`	`~/.chrome-mcp-profile`
macOS	`./setup.sh`	`~/.chrome-mcp-profile`
Windows	`.\setup.ps1`	`%USERPROFILE%\.chrome-mcp-profile`

💻 Usage Examples

Secure Credential Usage

Storing Credentials

"Store a credential for my Google account:
- Name: "Google Work"
- Type: google
- Email: me@example.com
- Password: mypassword123
- Domain: google.com"

Using Credentials for Login

1. Navigate to https://accounts.google.com
2. Use secure_login with the stored credential

The secure_login tool will:

Retrieve and decrypt the credential from the vault
Auto - fill the username/email field
Auto - fill the password field
Click the submit button
Wipe credentials from memory after use

📚 Documentation

Compliance Logging

SIEM - ready logging in industry - standard formats. Every tool execution, credential access, and security event is logged.

Output Formats

Format	Use Case	Example
CEF	Splunk, ArcSight, QRadar	`CEF:0\|Pantheon - Security\|Chrome - MCP - Secure\|2.3.0\|...`
Syslog	Centralized logging (RFC 5424)	`<134>1 2025-12-16T10:30:00Z ...`
JSONL	Elastic, custom pipelines	`{"timestamp":"...","category":"audit",...}`

Event Categories (OWASP - Compliant)

authentication - Login attempts, session creation
authorization - Access control decisions
credential - Vault operations (store, retrieve, delete)
audit - Tool executions with timing
security - Rate limits, injection attempts, anomalies
data_access - Sensitive data retrieval

Quick Configuration

# Enable CEF logging for Splunk
COMPLIANCE_LOG_FORMAT=cef
COMPLIANCE_LOG_DIR=./logs/compliance

# Forward to remote syslog
SYSLOG_HOST=siem.company.com
SYSLOG_PORT=514

Example CEF Output

CEF:0|Pantheon-Security|Chrome-MCP-Secure|2.3.0|audit:tool:navigate|tool:navigate|3|rt=1702732800000 outcome=success msg=Tool navigate executed: success request=https://internal.company.com cn1=1702732800-abc123 cn1Label=correlationId

Configuration

Environment Variables

# Chrome connection
CHROME_HOST=localhost
CHROME_PORT=9222
CHROME_PROFILE_DIR=~/.chrome-mcp-profile

# Encryption (recommended for production)
CHROME_MCP_ENCRYPTION_KEY=<base64-32-bytes>
CHROME_MCP_USE_POST_QUANTUM=true

# Credential vault
CHROME_MCP_CONFIG_DIR=~/.chrome-mcp
CHROME_MCP_CREDENTIAL_TTL=300000  # 5 minutes

# Logging
LOG_LEVEL=info
AUDIT_LOGGING=true

Generate Strong Encryption Key

openssl rand -base64 32

See SECURITY.md for complete configuration reference.

Management Commands

# Full setup
./setup.sh

# Check status
./setup.sh --check

# Uninstall from Claude Code
./setup.sh --uninstall

# Start/stop Chrome
./setup.sh --start-chrome
./setup.sh --stop-chrome

Troubleshooting

Chrome not accessible

curl http://localhost:9222/json
# If no response, start Chrome:
./setup.sh --start-chrome

Credential decryption fails

Check if you changed machines (machine - derived key won't work)
Set CHROME_MCP_ENCRYPTION_KEY to the same key used to encrypt
Credentials may need to be re - stored if key is lost

Element not found

Use get_page_info to see available elements
Use wait_for_element for dynamic content

Development

# Install dependencies
npm install

# Development mode (auto - reload)
npm run dev

# Type checking
npm run typecheck

# Build for production
npm run build

# Run built version
npm start

🔧 Technical Details

Security Features

Core Security (v2.1.0)

Feature	Description
Post - Quantum Encryption	ML - KEM - 768 + ChaCha20 - Poly1305 hybrid
Secure Credential Vault	Encrypted at rest, auto - wiped from memory
Memory Scrubbing	Zeros sensitive data after use
Audit Logging	Tamper - evident logs with hash chains
Profile Isolation	Dedicated Chrome profile for secure sessions
Log Sanitization	Credentials masked in all output
Rate Limiting	100 requests per minute per operation
Input Validation	CSS selector sanitization, URL validation

Advanced Security Modules (v2.2.0+)

Module	Description
Secrets Scanner	Detects 25+ credential patterns (AWS, GitHub, Slack, OpenAI keys, private keys, JWTs, credit cards, SSNs)
Response Validator	Prompt injection detection (15 patterns), suspicious URL blocking, encoded payload detection
Session Manager	Credential session lifecycle with 8h max lifetime and 30min inactivity timeout
MCP Authentication	Token - based auth with auto - generation, SHA256 hashing, brute - force lockout
Certificate Pinning	SPKI - style pinning for Google, GitHub, Microsoft, Anthropic, OpenAI domains
Screenshot Redaction	Auto - redacts password fields, credit cards, CVV, SSN, API keys in screenshots
Cross - Platform Permissions	Secure file permissions on Linux, macOS, and Windows (icacls)

Post - Quantum Ready

Traditional encryption will be broken by quantum computers. This fork uses hybrid encryption:

ML - KEM - 768 (Kyber) + ChaCha20 - Poly1305

ML - KEM - 768: NIST - standardized post - quantum key encapsulation
ChaCha20 - Poly1305: Modern stream cipher (immune to timing attacks)

Even if one algorithm is broken, the other remains secure.

Why Post - Quantum Now?

Timeline	Threat
2024 - 2030	"Harvest now, decrypt later" attacks - adversaries collecting encrypted data today
2030 - 2035	Early cryptographically - relevant quantum computers expected
2035+	Current RSA/ECC encryption potentially broken

Your browser credentials stored today could be decrypted in 10 years. This fork protects against that future threat now.

Security Architecture

Encryption

                    ┌─────────────────────────────────────┐
                    │      ML - KEM - 768 Key Pair            │
                    │   (Post - Quantum Key Encapsulation)  │
                    └─────────────────┬───────────────────┘
                                      │
                    ┌─────────────────┴───────────────────┐
                    │      ChaCha20 - Poly1305              │
                    │   (Symmetric AEAD Encryption)       │
                    └─────────────────┬───────────────────┘
                                      │
                    ┌─────────────────┴───────────────────┐
                    │      Encrypted Credential Files     │
                    │   ~/.chrome - mcp/credentials/*.pqenc │
                    └─────────────────────────────────────┘

Memory Protection

SecureCredential class: Auto - wipes credentials after TTL (5 min default)
Zero - fill buffers: Random overwrite + zero fill prevents memory dumps
No credential logging: Automatic masking of sensitive field names

Why ChaCha20 - Poly1305 over AES - GCM?

Property	ChaCha20 - Poly1305	AES - GCM
Timing attacks	Immune (constant - time)	Vulnerable without AES - NI
Software speed	Fast everywhere	Slow without hardware
Complexity	Simple	Complex (GCM mode)
Adoption	Google, Cloudflare TLS	Legacy systems

Architecture

┌─────────────┐     ┌──────────────────┐     ┌─────────────┐
│ Claude/     │────▶│  MCP Server      │────▶│   Chrome    │
│ AI Agent    │     │  (This Fork)     │     │   (CDP)     │
└─────────────┘     └──────────────────┘     └─────────────┘
                           │
                    ┌──────┴──────┐
                    │  Security   │
                    │   Layers    │
                    └─────────────┘
                    • PQ Encryption
                    • Credential Vault
                    • Memory Wipe
                    • Audit Logs
                    • Rate Limits
                    • Input Validation

File Structure

chrome - mcp - secure/
├── src/
│   ├── index.ts              # MCP server entry point
│   ├── cdp - client.ts         # Persistent CDP WebSocket client
│   ├── tools.ts              # Browser automation tools
│   │
│   │── # Core Security (v2.1.0)
│   ├── credential - vault.ts   # Encrypted credential storage
│   ├── credential - tools.ts   # Credential MCP tools
│   ├── crypto.ts             # Post - quantum encryption (ML - KEM - 768 + ChaCha20)
│   ├── secure - memory.ts      # Memory protection utilities
│   ├── security.ts           # Input validation, rate limiting
│   ├── logger.ts             # Logging with auto - masking
│   ├── errors.ts             # Typed error classes
│   │
│   │── # Advanced Security Modules (v2.2.0+)
│   ├── secrets - scanner.ts    # Credential leak detection (25+ patterns)
│   ├── response - validator.ts # Prompt injection detection
│   ├── session - manager.ts    # Session lifecycle management
│   ├── mcp - auth.ts           # Token - based MCP authentication
│   ├── cert - pinning.ts       # Certificate pinning for sensitive domains
│   ├── screenshot - redaction.ts # Auto - redact sensitive fields
│   └── file - permissions.ts   # Cross - platform secure file permissions
│
├── dist/                     # Compiled JavaScript
├── setup.sh                  # Linux/macOS setup
├── setup.ps1                 # Windows setup
├── SECURITY.md               # Security documentation
├── CHANGELOG.md              # Version history
├── CLAUDE.md                 # Claude Code integration guide
└── README.md

Comparison with Original

Feature	lxe/chrome-mcp	This Fork
Chrome automation	✅	✅
Persistent WebSocket	✅	✅
Cross - platform	✅	✅
Post - quantum encryption	❌	✅
Secure credential vault	❌	✅
Memory scrubbing	❌	✅
Audit logging	❌	✅
Auto log masking	❌	✅
Profile isolation	❌	✅
Secrets scanner	❌	✅
Prompt injection detection	❌	✅
Session management	❌	✅
MCP authentication	❌	✅
Certificate pinning	❌	✅
Screenshot redaction	❌	✅

What's New in v2.2.x

v2.2.1 - Cross - Platform File Permissions

All file operations use centralized file - permissions.ts
Proper Windows ACL support via icacls
Consistent 0o700/0o600 permissions on Unix

v2.2.0 - Advanced Security Modules

Six new security modules totaling 3,000+ lines of security hardening:

Secrets Scanner - Detects leaked credentials in page content using patterns from TruffleHog, GitLeaks, and MEDUSA
Response Validator - Blocks prompt injection attacks in scraped content
Session Manager - Auto - expires credential sessions after configurable timeouts
MCP Authentication - Protects the MCP server itself with token - based auth
Certificate Pinning - Validates TLS certificates for sensitive domains
Screenshot Redaction - Overlays sensitive fields before screenshots

See CHANGELOG.md for full version history.

📄 License

MIT - Same as original.

⚠️ Important Note

This is a security - hardened fork of lxe/chrome-mcp maintained by Pantheon Security.

💡 Usage Tip

For complete configuration reference, see SECURITY.md. If you find a security issue, do not open a public GitHub issue. Email: support@pantheonsecurity.io.