{"slug": "chrome-mcp-dedicated-chrome-launcher-for-chrome-devtools-mcp-cdp-attach-that-and", "title": "chrome-mcp — dedicated Chrome launcher for chrome-devtools MCP (CDP attach) that keeps daily-browsing profile clean from navigator.webdriver=true and the reCAPTCHA hits that come with it", "summary": "A developer created chrome-mcp, a dedicated Chrome launcher for the chrome-devtools MCP server that isolates automation profiles from daily browsing. The tool prevents reCAPTCHA triggers and security risks by running a separate Chrome instance with its own user data directory and binding the debugging port only to localhost. It includes a pre-flight check to avoid port conflicts and helps restore trust scores on the daily browser.", "body_md": "A dedicated Chrome launcher for the [chrome-devtools MCP](https://github.com/ChromeDevTools/chrome-devtools-mcp) server (and any other tool that attaches to Chrome via the Chrome DevTools Protocol). Keeps the daily-browsing profile clean.\n\nTo let an AI / MCP / automation tool drive Chrome, you typically launch Chrome with `--remote-debugging-port=9222`\n\n. That works, **but it has two ugly side-effects on whichever Chrome you point it at**:\n\nThis is reCAPTCHA's single strongest \"this is an automated browser\" signal. Even casual browsing starts triggering \"verify you're human\" challenges, image-grid puzzles, and silently-elevated risk scores at Cloudflare / Akamai / Google.`navigator.webdriver === true`\n\non every page you visit.**Whatever bind address you used is exposed.** Many tutorials suggest`--remote-debugging-address=0.0.0.0`\n\n, which means anyone on your LAN (or the wider network if the host is reachable) can attach a debugger to your Chrome — read tabs, inject scripts, exfiltrate cookies. Not great.\n\nIf you set those flags on your daily Chrome (e.g. by editing the `.desktop`\n\nlauncher), **every page you load from then on is fingerprinted as automation**. The reCAPTCHA hits become constant. Site trust scores tank.\n\nRuns a **separate** Chrome instance with:\n\n- Its own\n`--user-data-dir`\n\n(`~/.chrome-mcp-profile`\n\n) — completely isolated cookies, history, extensions, and login state from your daily profile. `--remote-debugging-port=9222`\n\nbound to`127.0.0.1`\n\nonly —**not**`0.0.0.0`\n\n. Only local processes (your MCP) can attach; nothing on the LAN can.- A pre-flight check that refuses to start if anything is already listening on\n`:9222`\n\n(catches the common mistake where the daily browser is still running with the flag inherited from a leftover`.desktop`\n\noverride).\n\nYour daily Chrome stays plain. `navigator.webdriver`\n\nis `undefined`\n\nthere. reCAPTCHA trust score recovers within hours of removing the leak.\n\n```\nchrome-mcp           # foreground; Ctrl+C to stop\nchrome-mcp --headless # no UI (still attachable on 9222)\nchrome-mcp --bg      # background; logs to /tmp/chrome-mcp.log\nmkdir -p ~/bin\ncurl -fsSL https://gist.githubusercontent.com/ProxiBlue/31fb2a1e5cd253ce903782235274eedb/raw/chrome-mcp -o ~/bin/chrome-mcp\nchmod +x ~/bin/chrome-mcp\n# ensure ~/bin is on PATH (Ubuntu adds it via .profile if the dir exists at login)\n```\n\nIf you previously had `--remote-debugging-port=9222`\n\nin a `.desktop`\n\nlauncher, strip it out:\n\n```\nsed -i 's/ --remote-debugging-port=9222 --remote-debugging-address=0\\.0\\.0\\.0//g' \\\n  ~/.local/share/applications/google-chrome.desktop\n# fully quit Chrome (close all windows + crashpad), then relaunch\npkill -f 'google-chrome.*remote-debugging-port' ; sleep 2\n```\n\nAfter launching:\n\n```\ncurl -s http://127.0.0.1:9222/json/version | python3 -m json.tool\n# The userDataDir field should mention \".chrome-mcp-profile\" — NOT Default.\n```\n\nOn your daily browser, open the JS console and check:\n\n```\nnavigator.webdriver\n// expected: undefined  (NOT true)\n```\n\nVisit [https://bot.sannysoft.com](https://bot.sannysoft.com) to see a fuller fingerprint check.\n\nPlaywright's `--isolated`\n\nmode creates a fresh browser CONTEXT per session inside the same browser. That works for Playwright's own scripted runs, but the chrome-devtools MCP attaches to an already-running Chrome via CDP — there's no Playwright runtime to isolate. The `chrome-mcp`\n\nscript is the equivalent for the CDP-attach case: a separate process with its own profile dir.\n\nMIT.", "url": "https://wpnews.pro/news/chrome-mcp-dedicated-chrome-launcher-for-chrome-devtools-mcp-cdp-attach-that-and", "canonical_source": "https://gist.github.com/ProxiBlue/31fb2a1e5cd253ce903782235274eedb", "published_at": "2026-06-21 13:08:15+00:00", "updated_at": "2026-06-25 06:42:39.700303+00:00", "lang": "en", "topics": ["developer-tools", "ai-agents", "ai-safety"], "entities": ["Chrome", "Chrome DevTools Protocol", "reCAPTCHA", "Cloudflare", "Akamai", "Google", "Playwright", "ProxiBlue"], "alternates": {"html": "https://wpnews.pro/news/chrome-mcp-dedicated-chrome-launcher-for-chrome-devtools-mcp-cdp-attach-that-and", "markdown": "https://wpnews.pro/news/chrome-mcp-dedicated-chrome-launcher-for-chrome-devtools-mcp-cdp-attach-that-and.md", "text": "https://wpnews.pro/news/chrome-mcp-dedicated-chrome-launcher-for-chrome-devtools-mcp-cdp-attach-that-and.txt", "jsonld": "https://wpnews.pro/news/chrome-mcp-dedicated-chrome-launcher-for-chrome-devtools-mcp-cdp-attach-that-and.jsonld"}}