Description
Environments
- playwright-go Version: v0.52
- Browser: Chromium
- OS and version: Windows 11 (tested only on the Windows platform)
Bug description
Sensitive credentials (proxy password, proxy server, and username) are exposed in plaintext in process memory when using `launchPersistentContext`.
These values can be extracted from a memory dump. This poses a critical security issue, since anyone with access to the process memory can steal authentication tokens or proxy credentials.
Expected behavior
Sensitive credentials (proxy configuration) should not appear in memory dumps or be serialized as plaintext. Credentials should be securely passed and stored only in memory-safe structures, never written to logs or exposed in dumps.
Actual behavior
When launching a persistent browser context with proxy settings, the credentials appear in memory. For example:
```json
{
  "on": {
    "file": "connection.go",
    "line": 155
  },
  "wallTime": 1757341770727,
  "method": "launchPersistentContext",
  "params": {
    "args": [
      "--app=https://10.10.10.2:443",
      "--disable-new-tab-page",
      "--no-first-run",
      "--no-default-browser-check",
      "--disable-infobars"
    ],
    "headless": false,
    "proxy": {
      "password": "test",
      "server": "test",
      "username": "test"
    },
    "userDataDir": "C:\\ProgramData\\testApp\\proxy-playwright\\7ab9117f58d0f94acbc29858898910bc"
  }
}
```
This was extracted from a process memory dump, showing sensitive values in plaintext.
To Reproduce
A minimal reproduction example (simplified, no error handling):
```go
package main

import "github.com/playwright-community/playwright-go"

func main() {
	// Start the Playwright driver (errors ignored for brevity).
	pw, _ := playwright.Run()
	// Launch a persistent context with proxy credentials in the options.
	browser, _ := pw.Chromium.LaunchPersistentContext("userdata", playwright.BrowserTypeLaunchPersistentContextOptions{
		Headless: playwright.Bool(false),
		Proxy: &playwright.Proxy{
			Server:   "http://test-proxy:8080",
			Username: "test-user",
			Password: "test-password", // sensitive data
		},
	})
	page, _ := browser.NewPage()
	page.Goto("https://playwright.dev")
}
```
After running, take a memory dump of the process → sensitive proxy values appear directly in plaintext.
Additional context
• This issue affects any user passing proxy credentials into `LaunchPersistentContext`.
• It could allow attackers with access to memory dumps or debugging tools to extract secrets and compromise accounts or sessions.
• Severity: Critical.
• Recommendation:
  • Avoid embedding secrets in command-line args or serialized JSON passed into the browser process.
  • Use secure credential handling, e.g., OS-level secret managers, in-memory encryption, or credential redaction before serialization.
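
The recommendation above mentions credential redaction before serialization. As an added example (not part of the original report and not playwright-go's own code), the following Go code masks the proxy fields in the copy of a protocol message that is kept for logs or traces; the names `Redact` and `RedactJSON`, the `[REDACTED]` marker and the key list are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Assumed deny-list, taken from the fields named in the report.
var sensitiveKeys = map[string]bool{"password": true, "username": true, "server": true}

// Redact returns a masked deep copy of a decoded JSON value; the input is
// left untouched so the real message can still be sent to the driver.
func Redact(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		out := make(map[string]interface{}, len(t))
		for k, val := range t {
			if sensitiveKeys[strings.ToLower(k)] {
				out[k] = "[REDACTED]"
			} else {
				out[k] = Redact(val)
			}
		}
		return out
	case []interface{}:
		out := make([]interface{}, len(t))
		for i, val := range t {
			out[i] = Redact(val)
		}
		return out
	}
	return v // scalars carry no nested keys
}

// RedactJSON masks a serialized message before it is logged or traced.
func RedactJSON(raw []byte) ([]byte, error) {
	var msg interface{}
	if err := json.Unmarshal(raw, &msg); err != nil {
		return nil, err
	}
	return json.Marshal(Redact(msg))
}

func main() {
	// Constructed sample shaped like the message in the report.
	raw := []byte(`{"method":"launchPersistentContext","params":{"proxy":{"password":"test","server":"test","username":"test"}}}`)
	out, _ := RedactJSON(raw)
	fmt.Println(string(out))
}
```

This protects only the diagnostic copy: the unredacted message still has to reach the browser driver, so the values remain in process memory while they are in use.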