High-risk tools in Chrome MCP Server
10 of the 11 tools in Chrome MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- evaluate (Execute): Execute JavaScript code in the context of the current page
- navigate (Execute): Navigate to a specified URL in the browser. Only use this if you have reasonably inferred the URL from the user
- click (Execute): Click at specific x,y coordinates in the browser window. IMPORTANT: Always check the page info after clicking. When interacting with dropdowns, use ArrowUp and ArrowDown keys. T...
- clickElementByIndex (Execute): Click an interactive element by its index in the page. Indices are returned by getPageInfo. Always check the page info after clicking. For text input fields, prefer using focusE...
- doubleClick (Execute): Double click at specific x,y coordinates in the browser window. Useful for text selection or other double-click specific actions. Always check the page info after double clicking.
- focusElementByIndex (Execute): Focus an interactive element by its index in the page. Indices are returned by getPageInfo. This is the preferred method for focusing text input fields before typing. Always che...
- goBack (Execute): Navigate back one step in the browser history
- goForward (Execute): Navigate forward one step in the browser history
- tripleClick (Execute): Triple click at specific x,y coordinates in the browser window. Useful for selecting entire paragraphs or lines of text. Always check the page info after triple clicking.
- type (Execute): Type text into the currently focused element, with support for special keys like {Enter}, {Tab}, etc. Use {Enter} for newlines in textareas or to submit forms. NEVER USE \n\n IN...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.