I submitted a remote code execution to the browser-use about 40 days ago. GHSA-r2x7-6hq9-qp7v
I am a bit stunned by the lack of response. Any safety concerns in this project?
Yes, why the F*&( is there a remote-debugging warning!
The consent checkbox at chrome://inspect/#remote-debugging only gates Chrome's primary/default user-data-dir -- your everyday browser. The reason to use this is so that all your history, cookies, and everything else is not available to the agent. Give the agent an empty sandbox profile to start with. If it needs a persistent login, ... hmmmmm roll a browser in a browser, BRB.
That's pretty good, I've achieved pretty much the same thing using the vercel's agent-browser, but I've tried playwright and it worked easily as good. Its good for scraping, automating stuff in the browser.
agent-browser uses playwright so it struggles with things like cross-origin-iframes - on the other hand, browser harness uses raw cdp, which is unrestrictive. It's discussed in this blog post! https://browser-use.com/posts/bitter-lesson-agent-harnesses
> The new paradigm? SKILL.md + a few python helpers that need to have the ability to change on the fly. [...] What would you call this new paradigm? A dialect?
It's called "agentic coding" for all I know, and isn't a new paradigm, the whole purpose with agentic coding is that it uses tools to do their thing, then those tools could be structured as the good old JSON schema tools next to the implemented runtime, or as MCP, or HTTP API or whatever, the "paradigm" is the same: Have a harness, have a LLM, let the harness define tools that the LLM can use those.
Any agent that accepts "work in this working directory" (which AFAIK, all of them do) have had this ability, even the initial GPT2/3 experiments around matching LLMs with primitive tool-calling.
I submitted a remote code execution to the browser-use about 40 days ago. GHSA-r2x7-6hq9-qp7v I am a bit stunned by the lack of response. Any safety concerns in this project?
Yes, why the F*&( is there a remote-debugging warning!
The consent checkbox at chrome://inspect/#remote-debugging only gates Chrome's primary/default user-data-dir -- your everyday browser. The reason to use this is so that all your history, cookies, and everything else is not available to the agent. Give the agent an empty sandbox profile to start with. If it needs a persistent login, ... hmmmmm roll a browser in a browser, BRB.
Browser Use knows this! [0]
[0] https://github.com/browser-use/browser-use/issues/1520
Hey! Where did you submit this exactly? Can you provide a link? Will ask others on the team also, but I am not sure what you are referring to.
That's pretty good, I've achieved pretty much the same thing using the vercel's agent-browser, but I've tried playwright and it worked easily as good. Its good for scraping, automating stuff in the browser.
agent-browser uses playwright so it struggles with things like cross-origin-iframes - on the other hand, browser harness uses raw cdp, which is unrestrictive. It's discussed in this blog post! https://browser-use.com/posts/bitter-lesson-agent-harnesses
I think the usecase here is to go beyond scraping. I think you can use it as a tool for agent harnesses and make it part of a larger workflow.
If I'm understanding correctly, this might be the first example of just-in-time agentic coding that I've come across.
> The new paradigm? SKILL.md + a few python helpers that need to have the ability to change on the fly. [...] What would you call this new paradigm? A dialect?
It's called "agentic coding" for all I know, and isn't a new paradigm, the whole purpose with agentic coding is that it uses tools to do their thing, then those tools could be structured as the good old JSON schema tools next to the implemented runtime, or as MCP, or HTTP API or whatever, the "paradigm" is the same: Have a harness, have a LLM, let the harness define tools that the LLM can use those.
IIUC the point is that the agent has the ability to modify itself? So one possible term could be "self-evolving" or "self-modifying agent".
Any agent that accepts "work in this working directory" (which AFAIK, all of them do) have had this ability, even the initial GPT2/3 experiments around matching LLMs with primitive tool-calling.
1. Can you elaborate on the self healing aspect of it?
2. Can you publish a tabular comparison on your README?
3. What information gets sent to your API server?
I was wondering when someone would finally build this.
Anyway, of course this will be superseded by a harness that provides freedom to complete any task within the OS.
it will be crazy when someone builds this
Sawyer Hood's dev-browser[0] allows the browser to write playwright JS code directly. Do you have cases where his approach fails and yours works?
[0] https://github.com/SawyerHood/dev-browser
PW is usually easier to detect. Using raw CDP is in our opinion much better for this.
We published a survey of stealth browsers just yesterday https://botforensics.com/blog/stealth-browser-survey-april-2...
There's still plenty that Browser-Use could improve in terms of stealthiness.
We didn't detect it using CDP (good!) but can still detect that it is Browser-Use.
I’d call it “open washing”, but it looks cool. Good luck with it
Curious why? You can just take this and run locally or deploy anywhere you'd like with any provider agent provider.
And that's how I woke up with an LLM roleplaying with itself while looking at porn.
Lmaooo.