Skip to content

browser-use

v0.12.8 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 11d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-tools browser-automation browser-use llm playwright
+1 more
python

Affected surfaces

auth rbac

ReleasePort's take

Light signal
editorial:auto 10d

The upcoming 0.12.8 release restricts daemon Unix socket access to owner‑only and adjusts the tools.evaluate() API behavior regarding restricted browser profiles.

Why it matters: Restricting the daemon socket to owner‑only reduces privilege‑escalation risk; reverting evaluate() restrictions restores expected functionality for affected integrations in version 0.12.8.

Summary

AI summary

Updates llm, feat, and daemon across a mixed release.

Changes in this release

Security Medium

Restrict unix socket file to owner-only access

Restrict unix socket file to owner-only access

Source: llm_adapter@2026-05-24

Confidence: high
Feature Medium

Add client header to GoogleChat integration

Add client header to GoogleChat integration

Source: llm_adapter@2026-05-24

Confidence: low
Feature Medium

Add OpenRouter pricing fallback for token costs

Add OpenRouter pricing fallback for token costs

Source: llm_adapter@2026-05-24

Confidence: low
Feature Medium

Forward cached_content into generate_content workflow

Forward cached_content into generate_content workflow

Source: llm_adapter@2026-05-24

Confidence: low
Dependency Medium

Recommend gemini-3-flash-preview in examples and tests

Recommend gemini-3-flash-preview in examples and tests

Source: llm_adapter@2026-05-24

Confidence: low
Bugfix Medium

Refuse evaluate() on restricted browser profiles

Refuse evaluate() on restricted browser profiles

Source: llm_adapter@2026-05-24

Confidence: high
Bugfix Medium

Revert evaluate() restriction on restricted browser profiles

Revert evaluate() restriction on restricted browser profiles

Source: llm_adapter@2026-05-24

Confidence: high
Bugfix Medium

Revert ChatGoogle cached_content forwarding change

Revert ChatGoogle cached_content forwarding change

Source: llm_adapter@2026-05-24

Confidence: low
Refactor Medium

Freeze HistoryItem and lock byte‑prefix property

Freeze HistoryItem and lock byte‑prefix property

Source: llm_adapter@2026-05-24

Confidence: low
Refactor Medium

Move per‑step metadata out of <agent_state> into a tail block

Move per‑step metadata out of <agent_state> into a tail block

Source: llm_adapter@2026-05-24

Confidence: low
Full changelog

What's Changed

  • fix(daemon): restrict unix socket file to owner-only access by @sauravpanda in https://github.com/browser-use/browser-use/pull/4870
  • docs: clarify integration example placement by @felix-windsor in https://github.com/browser-use/browser-use/pull/4856
  • fix(tools): refuse evaluate() on restricted browser profiles by @sauravpanda in https://github.com/browser-use/browser-use/pull/4871
  • chore(llm): default ChatBrowserUse to bu-2-0 by @sauravpanda in https://github.com/browser-use/browser-use/pull/4876
  • feat: add client header to GoogleChat by @markmcd in https://github.com/browser-use/browser-use/pull/4884
  • chore(llm): recommend gemini-3-flash-preview in examples and tests by @sauravpanda in https://github.com/browser-use/browser-use/pull/4885
  • Add OpenRouter pricing fallback for token costs by @sauravpanda in https://github.com/browser-use/browser-use/pull/4886
  • agent(history): freeze HistoryItem + lock byte-prefix property by @sauravpanda in https://github.com/browser-use/browser-use/pull/4890
  • agent(prompts): move per-step metadata out of <agent_state> into a tail block by @sauravpanda in https://github.com/browser-use/browser-use/pull/4891
  • feat: forward cached_content into generate_content by @sauravpanda in https://github.com/browser-use/browser-use/pull/4889
  • Move user request before agent history by @MagMueller in https://github.com/browser-use/browser-use/pull/4897
  • Bump version to 0.12.8 by @MagMueller in https://github.com/browser-use/browser-use/pull/4899
  • Revert ChatGoogle cached_content forwarding by @MagMueller in https://github.com/browser-use/browser-use/pull/4900
  • Revert evaluate restriction on restricted profiles by @MagMueller in https://github.com/browser-use/browser-use/pull/4901
  • Trim HistoryItem freeze follow-up by @MagMueller in https://github.com/browser-use/browser-use/pull/4902

New Contributors

  • @felix-windsor made their first contribution in https://github.com/browser-use/browser-use/pull/4856

Full Changelog: https://github.com/browser-use/browser-use/compare/0.12.7...0.12.8

Security Fixes

  • fix(daemon): restrict unix socket file to owner-only access
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track browser-use

Get notified when new releases ship.

Sign up free

About browser-use

Make websites accessible for AI agents. Automate tasks online with ease.

All releases →

Related context

Beta — feedback welcome: [email protected]