browser-use is vulnerable to Incorrect Default Permissions
50
Medium Risk
The browser-use CLI runs a background daemon that listens on a Unix domain socket for session commands. On Unix hosts the daemon creates the socket with the process umask, leaving the socket file world-accessible so other local users can connect() to and probe the daemon. A per-session HMAC token gates command dispatch, but the permissive socket file still exposes the local endpoint to co-tenants on multi-user systems before the handshake fails. The fix binds the socket under a restrictive umask and explicitly sets the socket file permissions to owner-only.
You are affected if you are using a version that falls within the vulnerable range and running the CLI daemon on a multi-user host.
browser-use is vulnerable to Incorrect Default Permissions in versions 0.12.3 - 0.12.7.
Upgrade the browser-use library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant