ChromeDriver is a powerful tool, and it can cause harm when in the wrong hands. While using ChromeDriver, follow these suggestions to help keeping it safe:
- By default, ChromeDriver only allows local connections. If you need to connect to it from a remote host, use
--allowed-ips
switch on the command line to specify a list of IP addresses that are allowed to connect to ChromeDriver. - If possible, run ChromeDriver with a test account that has no access to sensitive local or network data. ChromeDriver should never be run with a privileged account.
- If possible, run ChromeDriver in a protected environment such as Docker or virtual machine.
- Use firewall to prevent unauthorized remote connection to ChromeDriver.
- If you are using ChromeDriver through third-party tools such as Selenium Server, be sure to protect the network ports of those tools as well.
- Use the latest versions of ChromeDriver and Chrome.