Arbitrary JavaScript Execution via eval() in chrome-local-mcp

Arbitrary JavaScript Execution via eval() in chrome-local-mcp Severity: Critical | CWE: CWE-94 (Code Injection) | Package: chrome-local-mcp v1.3.0 We found a critical vulnerability in chrome-local-mcp , a popular MCP server that gives AI agents like Claude full browser control through Puppeteer. The issue is straightforward: an eval tool passes user-supplied JavaScript directly to the browser with zero restrictions. Combined with persistent login sessions, this turns any prompt injection into credential theft, session hijacking, or full remote code execution on the host machine. This was discovered automatically by CraftedTrust Touchstone , our MCP security scanner. Full advisory: touchstone.craftedtrust.com/advisories/disc_mn8qpzep What chrome-local-mcp Does chrome-local-mcp is a Model Context Protocol server that exposes 22 tools for browser automation: Claude Code -> MCP Server (stdio) -> Puppeteer -> Chrome The core idea is practical - give your AI agent the ability to navigate web