"chromedriver is vulnerable to Cross-Site Request Forgery. This vulnerability can be exploited for remote code execution" The upstream bug is WONTFIX'd, not sure there's anything we can do.