[BUG] Claude-in-Chrome (multi-browser): switch_browser prompts every connected browser + tab reparented across browser instances

Open 💬 2 comments Opened Jul 1, 2026 by kenour

Environment

  • Claude Code driving the Claude-in-Chrome extension
  • Windows 10
  • Two Chrome browsers connected to the account at the same time

Summary

Two related multi-browser isolation problems surfaced in one session: the agent's browser picker reaches into a browser it shouldn't, and a tab moved between browser instances unexpectedly.

Part 1: switch_browser prompts every connected browser

Actual: switch_browser sends a "Connect" prompt to all connected Chrome instances, including my personal/working browser that I explicitly did not want the agent operating in. (I had literally named that browser Personal Chrome - Get out of this one Claude! and the Connect prompt still popped into it.)

Expected: a way to target or exclude specific browsers, or otherwise scope the prompt, so it can't appear in a browser the user wants the agent to stay out of.

Part 2: Tab reparented across browser instances

Actual: a tab that was open in Browser A (my personal Chrome, not the MCP-connected one) appeared to move into Browser B (a fresh Chrome I opened and connected for the automation) when I closed a window.

Expected: tabs stay within their own browser instance. An MCP session should never reparent a user's tabs across separate browsers.

Impact

Privacy and UX: the agent can prompt into, and apparently shuffle tabs between, browsers the user intended to keep separate from it.

Related / prior art

Adjacent, still open:

  • #70542: user-assigned browser names getting anonymized (also hit this; named browsers came back as "Browser 1" / "Browser 2", which is what made them impossible to tell apart in the first place).
  • #69542: new tab group created per session instead of reusing the previous tab.

Flagged as possible duplicates by the triage bot, all closed without a fix:

  • #25551: no way to specify which Chrome instance when multiple are connected. Same root gap as Part 1.
  • #33813 (security): extension controls browsers cross-device without consent or pairing.
  • #50440 (security): extends #33813 to cross-account control.

Part 2 (tab reparenting) is not covered by any of the above. Consolidating here rather than filing a fourth report of a problem that keeps getting closed stale.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗