cd /news/developer-tools/chrome-mcp-dedicated-chrome-launcher… · home topics developer-tools article
[ARTICLE · art-38918] src=gist.github.com ↗ pub= topic=developer-tools verified=true sentiment=↑ positive

chrome-mcp — dedicated Chrome launcher for chrome-devtools MCP (CDP attach) that keeps daily-browsing profile clean from navigator.webdriver=true and the reCAPTCHA hits that come with it

A developer created chrome-mcp, a dedicated Chrome launcher for the chrome-devtools MCP server that isolates automation profiles from daily browsing. The tool prevents reCAPTCHA triggers and security risks by running a separate Chrome instance with its own user data directory and binding the debugging port only to localhost. It includes a pre-flight check to avoid port conflicts and helps restore trust scores on the daily browser.

read2 min views14 publishedJun 21, 2026

A dedicated Chrome launcher for the chrome-devtools MCP server (and any other tool that attaches to Chrome via the Chrome DevTools Protocol). Keeps the daily-browsing profile clean.

To let an AI / MCP / automation tool drive Chrome, you typically launch Chrome with --remote-debugging-port=9222

. That works, but it has two ugly side-effects on whichever Chrome you point it at:

This is reCAPTCHA's single strongest "this is an automated browser" signal. Even casual browsing starts triggering "verify you're human" challenges, image-grid puzzles, and silently-elevated risk scores at Cloudflare / Akamai / Google.navigator.webdriver === true

on every page you visit.Whatever bind address you used is exposed. Many tutorials suggest--remote-debugging-address=0.0.0.0

, which means anyone on your LAN (or the wider network if the host is reachable) can attach a debugger to your Chrome — read tabs, inject scripts, exfiltrate cookies. Not great.

If you set those flags on your daily Chrome (e.g. by editing the .desktop

launcher), every page you load from then on is fingerprinted as automation. The reCAPTCHA hits become constant. Site trust scores tank.

Runs a separate Chrome instance with:

  • Its own --user-data-dir

(~/.chrome-mcp-profile

) — completely isolated cookies, history, extensions, and login state from your daily profile. --remote-debugging-port=9222

bound to127.0.0.1

only —not0.0.0.0

. Only local processes (your MCP) can attach; nothing on the LAN can.- A pre-flight check that refuses to start if anything is already listening on :9222

(catches the common mistake where the daily browser is still running with the flag inherited from a leftover.desktop

override).

Your daily Chrome stays plain. navigator.webdriver

is undefined

there. reCAPTCHA trust score recovers within hours of removing the leak.

chrome-mcp           # foreground; Ctrl+C to stop
chrome-mcp --headless # no UI (still attachable on 9222)
chrome-mcp --bg      # background; logs to /tmp/chrome-mcp.log
mkdir -p ~/bin
curl -fsSL https://gist.githubusercontent.com/ProxiBlue/31fb2a1e5cd253ce903782235274eedb/raw/chrome-mcp -o ~/bin/chrome-mcp
chmod +x ~/bin/chrome-mcp

If you previously had --remote-debugging-port=9222

in a .desktop

launcher, strip it out:

sed -i 's/ --remote-debugging-port=9222 --remote-debugging-address=0\.0\.0\.0//g' \
  ~/.local/share/applications/google-chrome.desktop
pkill -f 'google-chrome.*remote-debugging-port' ; sleep 2

After launching:

curl -s http://127.0.0.1:9222/json/version | python3 -m json.tool

On your daily browser, open the JS console and check:

navigator.webdriver
// expected: undefined  (NOT true)

Visit https://bot.sannysoft.com to see a fuller fingerprint check.

Playwright's --isolated

mode creates a fresh browser CONTEXT per session inside the same browser. That works for Playwright's own scripted runs, but the chrome-devtools MCP attaches to an already-running Chrome via CDP — there's no Playwright runtime to isolate. The chrome-mcp

script is the equivalent for the CDP-attach case: a separate process with its own profile dir.

MIT.

── more in #developer-tools 4 stories · sorted by recency
── more on @chrome 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/chrome-mcp-dedicated…] indexed:0 read:2min 2026-06-21 ·