This release adds 6 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Adds six new security modules including secrets scanning, response validation, session management, token authentication, certificate pinning, and screenshot redaction.
Full changelog
Chrome MCP Secure v2.2.0
Advanced Security Modules Release
New Security Features
| Module | Description |
|--------|-------------|
| Secrets Scanner | Detects 25+ credential patterns (AWS, GitHub, Slack, Stripe, OpenAI, Anthropic keys, private keys, JWTs, credit cards, SSNs) |
| Response Validator | Prompt injection detection (15 patterns), suspicious URL blocking, encoded payload detection |
| Session Manager | Credential session lifecycle with 8h max lifetime and 30min inactivity timeout |
| MCP Authentication | Token-based auth with auto-generation, SHA256 hashing, brute-force lockout |
| Certificate Pinning | SPKI-style pinning for Google, GitHub, Microsoft, Anthropic, OpenAI domains |
| Screenshot Redaction | Auto-redacts password fields, credit cards, CVV, SSN, API keys in screenshots |
Installation
```bash
git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
cd chrome-mcp-secure
./setup.sh
```
What's Changed
- 6 new security modules totaling 3,000+ lines of security hardening
- Patterns derived from MEDUSA AI Security Scanner, TruffleHog, and GitLeaks
- Comprehensive CHANGELOG.md documenting all versions
- Hashtags for discoverability
Full Changelog
See CHANGELOG.md
#anthropic #mcp #claude #mcp-server #ai-agent #chrome #browser-automation #security #post-quantum #encryption #pantheon-security
About Pantheon-Security/chrome-mcp-secure
Security-hardened Chrome automation with post-quantum encryption (ML-KEM-768 + ChaCha20-Poly1305), secure credential vault, memory scrubbing, and audit logging. 22 tools for browser automation and secure logins.