claude-code - 💡(How to fix) Fix Chrome extension remote control [1 comments, 2 participants]

GitHub stats
anthropics/claude-code#51844 (fetched 2026-04-23 07:43:25)
Comments: 1 · Participants: 2 · Timeline: 4 · Reactions: 0
Timeline (top): labeled ×2, commented ×1, unlabeled ×1

When Claude Code uses the mcp__Claude_in_Chrome__* browser automation tools, commands are silently routed to a paired Chrome browser on a physically separate device via a WebSocket bridge hosted on claudeusercontent.com. The user receives no warning, no confirmation prompt, and no indication that the browser actions are executing on a different machine. Sensitive browser sessions — including third-party service credentials — are exposed to that other device and its screen without consent.



Preflight Checklist

  • I have searched existing issues and this hasn't been reported yet
  • This is a single bug report (please file separate reports for different bugs)
  • I am using the latest version of Claude Code

What's Wrong?

Bug Report: Claude in Chrome Silently Executes Browser Commands on a Remote Device Without User Disclosure

Reported by: Martin Konye ([email protected])
Date: 2026-04-22
Product: Claude Desktop (Windows) + Claude in Chrome extension
Severity: High — Privacy & Security
Submit to: https://github.com/anthropics/claude-code/issues


Summary

When Claude Code uses the mcp__Claude_in_Chrome__* browser automation tools, commands are silently routed to a paired Chrome browser on a physically separate device via a WebSocket bridge hosted on claudeusercontent.com. The user receives no warning, no confirmation prompt, and no indication that the browser actions are executing on a different machine. Sensitive browser sessions — including third-party service credentials — are exposed to that other device and its screen without consent.


Steps to Reproduce

  1. Install Claude Desktop on Machine A (Windows).
  2. Install the Claude in Chrome extension on a Chrome browser on Machine B (a different physical device on the same network, or any network).
  3. Pair the extension to the Claude account — Machine B becomes the "personal chrome" paired device.
  4. On Machine A, open a Claude Code session and ask Claude to use browser automation (e.g., "log into Sentry and create alert rules").
  5. Observe: the browser opens and is controlled on Machine B, not Machine A.
  6. Claude completes all browser actions — including navigating to authenticated sessions and executing JavaScript — on the remote device with no warning shown on Machine A.

Observed Behavior

Claude executed browser commands on a different physical device ("personal chrome") without:

  • Any notification that a remote device would be used
  • Any confirmation prompt
  • Any indication in the UI of which device was targeted
  • Any way for the user to know this was happening without physically watching the other device

The user noticed because they saw their browser moving on a nearby machine. Had Machine B been in another room, office, or city, this would have been completely invisible.


Root Cause (from logs)

The mechanism is fully documented in the Claude Desktop log file at:
%APPDATA%\Claude\logs\main.log

1. Feature flag enables cloud bridge over local native messaging

[Chrome MCP] Bridge feature flag: chrome_ext_bridge_enabled_desktop=true, IS_NEST_BUILD=false

When this flag is true, Claude Desktop bypasses the locally installed native host binary (chrome-native-host.exe) and instead routes all browser commands through a WebSocket relay on Anthropic's infrastructure.

2. WebSocket bridge URL (from logs)

bridge_url: 'wss://bridge.claudeusercontent.com/chrome/d0b04acc-602c-4f71-bcb8-0d64681e7110'
[Claude in Chrome] Connecting to bridge: wss://bridge.claudeusercontent.com/chrome/d0b04acc-602c-4f71-bcb8-0d64681e7110

Both the Claude Desktop app (Machine A) and the Chrome extension (Machine B) connect to the same WebSocket endpoint on claudeusercontent.com. Commands flow:

Claude Code (Machine A)
Claude Desktop app (Machine A)
wss://bridge.claudeusercontent.com/chrome/<session-id>   ← Anthropic cloud relay
Claude in Chrome extension (Machine B — "personal chrome")
Browser actions execute on Machine B

3. Browser tool calls confirmed over bridge (from logs)

[EventLogging] Queuing event: chrome_bridge_connection_started
[EventLogging] Queuing event: chrome_bridge_connection_succeeded
[EventLogging] Queuing event: chrome_bridge_tool_call_started
[EventLogging] Queuing event: chrome_bridge_tool_call_completed

These log entries confirm that the browser tool calls (navigate, click, fill, screenshot, etc.) executed over the cloud bridge — not locally.

4. Paired device configuration (from claude_desktop_config.json)

"chromeExtension": {
  "pairedDeviceId": "4fdf659b-4202-4f25-bf19-a14fe77abff2",
  "pairedDeviceName": "personal chrome"
}

The config stores only the paired device name and ID. There is no field indicating physical location, network, or whether the device is local or remote. Claude Desktop has no logic to detect or warn when the paired device is not the local machine.

5. Native host registered for ALL browsers on Machine A but never used

The logs show extensive native host registration on Machine A:

[Chrome Extension MCP] Registering native host for Chrome in Windows registry
[Chrome Extension MCP] Registry verification successful for Chrome
[Chrome Extension MCP] Registering native host for Brave in Windows registry
[Chrome Extension MCP] Registry verification successful for Brave
[Chrome Extension MCP] Registering native host for Edge in Windows registry
... (Chromium, Arc, Vivaldi, Opera)
[Chrome Extension MCP] Native host installation complete

Yet when chrome_ext_bridge_enabled_desktop=true, this local native host (chrome-native-host.exe) is completely bypassed. The installation gives a false impression that browser automation will happen locally.


Security & Privacy Impact

| Risk | Description |
|---|---|
| Credential exposure | Third-party service sessions (Sentry, GitHub, banking, etc.) visible on an unattended remote screen during AI-driven navigation |
| No locality guarantee | The paired device can be in a different building, city, or country — "same network" is irrelevant to the bridge architecture |
| Third-party screen visibility | Anyone near Machine B during a session can observe all browser actions, including credentials, tokens, and session data |
| Transparent relay | All browser state (cookies, session tokens, DOM content) passes through bridge.claudeusercontent.com — a cloud intermediary |
| No revocation prompt | The bridge feature flag (chrome_ext_bridge_enabled_desktop) is controlled server-side; users cannot disable cloud routing from settings |
| Silent reconnect | Logs show the bridge auto-reconnects aggressively (up to 30s retry intervals) — sessions persist across network interruptions without re-consent |

Specific Incident

During a Claude Code session on 2026-04-22, I asked Claude to log into konye-consultants.sentry.io and create alert rules. Claude used mcp__Claude_in_Chrome__navigate, mcp__Claude_in_Chrome__javascript_tool, and related tools. All actions executed on "personal chrome" — a Chrome browser on a separate physical machine — via the bridge at:

wss://bridge.claudeusercontent.com/chrome/d0b04acc-602c-4f71-bcb8-0d64681e7110

I only became aware because I was physically present near the other device. Claude provided no warning before or during the session.


Expected Behavior

Before using browser automation tools, Claude should:

  1. Identify the target device — display the pairedDeviceName and whether it is local or remote.
  2. Require confirmation when remote — prompt: "Browser commands will be sent to 'personal chrome' — a paired device that may not be this machine. Continue?"
  3. Allow local-only mode — provide a setting to restrict browser automation to devices on the same machine or require explicit per-session opt-in for remote devices.
  4. Surface the bridge in UI — if the cloud bridge is active, indicate this in the Claude Desktop UI so users understand browser actions leave the local machine.

Environment

| Item | Value |
|---|---|
| Claude Desktop version | (check Help → About) |
| OS | Windows 10 Pro 10.0.19045 |
| Bridge endpoint | wss://bridge.claudeusercontent.com |
| Feature flag | chrome_ext_bridge_enabled_desktop=true |
| Native host path | %APPDATA%\Claude\ChromeNativeHost\chrome-native-host.exe |
| Log file | %APPDATA%\Claude\logs\main.log |
| Config file | %APPDATA%\Claude\claude_desktop_config.json |

Log Evidence (excerpts from %APPDATA%\Claude\logs\main.log)

bridge_url: 'wss://bridge.claudeusercontent.com/chrome/d0b04acc-602c-4f71-bcb8-0d64681e7110'

[Chrome MCP] Bridge feature flag: chrome_ext_bridge_enabled_desktop=true, IS_NEST_BUILD=false

[Claude in Chrome] Connecting to bridge: wss://bridge.claudeusercontent.com/chrome/d0b04acc-602c-4f71-bcb8-0d64681e7110

[EventLogging] Queuing event: chrome_bridge_connection_started
[EventLogging] Queuing event: chrome_bridge_connection_succeeded
[EventLogging] Queuing event: chrome_bridge_tool_call_started
[EventLogging] Queuing event: chrome_bridge_tool_call_completed

[Claude in Chrome] Bridge connection closed (code: 1006, duration: 210196ms)
[Claude in Chrome] Bridge reconnecting in 2000ms (attempt 1)

What Should Happen?

well this is purely up to you

Error Messages/Logs

wss://bridge.claudeusercontent.com/chrome/d0b04acc-602c-4f71-bcb8-0d64681e7110

Steps to Reproduce

all in the description

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

No response

Claude Code Version

latest

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

No response

extent analysis

TL;DR

To address the issue of Claude silently executing browser commands on a remote device without user disclosure, the feature flag chrome_ext_bridge_enabled_desktop should be set to false to disable the cloud bridge and ensure browser automation happens locally.

Guidance

  • Verify the feature flag: Check the log file at %APPDATA%\Claude\logs\main.log to confirm the value of chrome_ext_bridge_enabled_desktop. If it's true, this is likely the cause of the issue.
  • Disable the cloud bridge: Set chrome_ext_bridge_enabled_desktop to false to force browser automation to use the local native host instead of the cloud bridge.
  • Update the configuration: Modify the claude_desktop_config.json file to include a setting that allows users to opt-in for remote device usage or restrict browser automation to local devices.
  • Implement confirmation prompts: Add a confirmation prompt before executing browser commands on a remote device, informing the user that actions will be performed on a paired device that may not be the local machine.

Example

No specific code example is provided as the issue is related to configuration and feature flags rather than code implementation. However, the logs and configuration files mentioned can be used to diagnose and address the issue.
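
The log check from the Guidance list can be scripted. The following is an added example, not code from the issue or from Anthropic: it scans main.log lines for the flag, bridge host, and bridge events quoted in the report, and drops the session ID from the bridge URL so the output is safe to share. The function name `audit_bridge_log`, the timestamp prefix, and the sample session ID are assumptions made for illustration.

```python
import re
import sys
from collections import Counter

# Patterns follow the message text quoted in the issue's log excerpts.
FLAG_RE = re.compile(r"chrome_ext_bridge_enabled_desktop=(true|false)")
URL_RE = re.compile(r"Connecting to bridge: (wss://[^\s/]+)/chrome/\S+")
EVENT_RE = re.compile(r"Queuing event: (chrome_bridge_\w+)")
NATIVE_RE = re.compile(r"Native host installation complete")

def audit_bridge_log(lines):
    """Summarise whether browser tool calls went over the cloud bridge."""
    report = {"flag": None, "bridge_hosts": set(), "events": Counter(),
              "native_host_installed": False}
    for line in lines:
        if m := FLAG_RE.search(line):
            report["flag"] = m.group(1) == "true"    # last value seen wins
        if m := URL_RE.search(line):
            report["bridge_hosts"].add(m.group(1))   # session ID is dropped
        if m := EVENT_RE.search(line):
            report["events"][m.group(1)] += 1
        if NATIVE_RE.search(line):
            report["native_host_installed"] = True
    calls = report["events"]["chrome_bridge_tool_call_started"]
    report["remote_tool_calls"] = calls
    # The condition the issue describes: a local native host is installed,
    # yet tool calls are recorded on the bridge.
    report["local_host_bypassed"] = report["native_host_installed"] and calls > 0
    return report

# Constructed sample: timestamps and session ID are made up (assumed layout);
# the message text follows the excerpts in the issue.
SAMPLE = """\
2026-04-22 10:00:01 [info] [Chrome Extension MCP] Native host installation complete
2026-04-22 10:00:02 [info] [Chrome MCP] Bridge feature flag: chrome_ext_bridge_enabled_desktop=true, IS_NEST_BUILD=false
2026-04-22 10:00:03 [info] [Claude in Chrome] Connecting to bridge: wss://bridge.claudeusercontent.com/chrome/00000000-0000-0000-0000-000000000000
2026-04-22 10:00:04 [info] [EventLogging] Queuing event: chrome_bridge_connection_succeeded
2026-04-22 10:00:09 [info] [EventLogging] Queuing event: chrome_bridge_tool_call_started
2026-04-22 10:00:10 [info] [EventLogging] Queuing event: chrome_bridge_tool_call_completed
""".splitlines()

if __name__ == "__main__":
    # Pass the path to main.log as the first argument; otherwise use SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE
    print(audit_bridge_log(lines))
```

A non-zero `remote_tool_calls` together with `local_host_bypassed` set to true matches the situation in the report: the native host is registered locally, but tool calls are logged against the bridge.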

Notes

The provided solution assumes that setting chrome_ext_bridge_enabled_desktop to false will resolve the issue by disabling the cloud bridge. However, this might affect other functionality that relies on the cloud bridge, and the issue itself reports that the flag is controlled server-side and cannot be disabled from user settings, so the change may not be available to end users. Further testing and verification are necessary to ensure that this change does not introduce other problems.

Recommendation

Apply the workaround by setting chrome_ext_bridge_enabled_desktop to false to immediately address the security and privacy concerns associated with silent execution of browser commands on remote devices. This change should be made pending a more comprehensive fix that includes user confirmation prompts and better handling of remote device usage.
