Cross-device MCP browser command routing — UX concern + feature feedback

Resolved 💬 2 comments Opened Apr 7, 2026 by rhese-h Closed Apr 7, 2026

Summary

While setting up Claude Code on a second PC, I discovered that MCP browser control commands (via the Claude in Chrome extension) were executing on a different PC's Chrome browser rather than the local one. Commands were cloud-routed through the shared Claude account — no direct network connection between the machines.

This was initially confusing and has security/UX implications: a user could unknowingly execute commands on the wrong machine's browser with no warning.

After investigation, the behavior turned out to be fully functional and repeatable. I'm reporting this as both a UX concern and positive feature feedback.

Environment

  • Two Windows PCs on the same network, both signed into the same Claude account
  • Both have Claude Desktop + Claude in Chrome extension installed
  • Native messaging host com.anthropic.claude_browser_extension registered on both
  • Claude Code running on PC-A successfully controlled Chrome on PC-B

What happened

  1. Ran Claude Code on PC-A (laptop) — MCP browser commands silently routed to PC-B (workstation)
  2. After a reboot on Day 2, both PCs prompted for browser naming — suggesting some awareness of multi-device scenarios
  3. The switch_browser tool allowed targeting either browser by name
  4. All standard browser MCP tools worked across the remote connection (tabs, navigation, DOM reading, JS execution, screenshots, clicks, scrolling, form input, network/console reads) — 14/15 passed, with only file_upload failing as expected (no cross-machine filesystem access)

UX/Security concern

There is no indication to the user that commands are routing to a remote machine. I spent time debugging "why isn't my local browser responding?" before realizing the commands were hitting a different PC entirely.

Additionally, the Claude account settings page (Account > Active sessions) shows all connected devices/browsers, confirming the backend tracks these sessions — but there is no user-facing mechanism to direct MCP commands to a specific session beyond the switch_browser tool.

At minimum, a warning or confirmation when commands route cross-device would prevent confusion — and prevent unintended actions on the wrong machine.

Feature feedback

The cross-device capability is actually very useful once intentional. We used it to build and publish a full CMS page from a laptop while the browser work happened on a workstation with no physical interaction. Concrete suggestions if this becomes a formal feature:

  1. Connection status — a tool to list connected browsers/devices and which is active
  2. Explicit device targetingdevice_id or browser_name parameter on browser MCP tools
  3. Opt-in authorization — users should knowingly grant cross-device access

Happy to provide more detail if helpful.

— Rhese Hoylman, GTIN Managed IT (The Woodlands, TX)

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗