Browser Use delivers a highly capable, self-hostable web automation layer, but its agentic nature requires strict domain allowlisting to mitigate the risk of prompt injection from malicious websites.
The core library is fully open-source under the MIT license, enabling complete local data isolation.
A vulnerability (CVE-2025-47241) that allowed bypassing the 'allowed_domains' configuration was successfully patched in v0.1.45.
The framework operates by translating DOM elements into structured text, making it natively compatible with any major LLM.
Browser Use Cloud offers a commercial hosted service that defers data processing terms to customer-specific enterprise agreements.