Specular embeds full Chromium browser processes, so security issues are taken seriously.
If you discover a security vulnerability, please do not open a public issue. Instead, report it privately:
- Email the maintainer directly (see GitHub profile for contact info)
- Or use GitHub's private vulnerability reporting on this repository
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (if you have one)
After a report is received, you can expect:
- Acknowledgment within 72 hours
- Assessment and plan within 1 week
- Fix or mitigation as soon as practical, depending on severity
The following are in scope:
- The Specular Electron application
- The MCP server and its tools
- The CDP proxy
- IPC and preload scripts
- Any data exposure or privilege escalation
Only the latest release is actively supported with security fixes.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | No |