Security Considerations

ChromeDriver is a powerful tool, and it can cause harms in the wrong hands. While using ChromeDriver, please follow these suggestions to help keeping it safe:

    • By default, ChromeDriver only allows local connections. If you need to connect to it from a remote host, use --allowed-ips switch on the command line to specify a list of IP addresses that are allowed to connect to ChromeDriver.

    • If possible, run ChromeDriver with a test account that has no access to sensitive local or network data. ChromeDriver should never be run with a privileged account.

    • If possible, run ChromeDriver in a protected environment such as Docker or virtual machine.

    • Use firewall to prevent unauthorized remote connection to ChromeDriver.

    • If you are using ChromeDriver through third-party tools such as Selenium Server, be sure to protect the network ports of those tools as well.

    • Use the latest versions of ChromeDriver and Chrome.