Claude Desktop Reportedly Adds Browser Access Bridge to Multiple Chromium-Based Browsers
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A recent technical audit by privacy researcher Alexander Hanff has revealed that Anthropic\u2019s Claude Desktop application for macOS<\/a> silently installs a Native Messaging bridge into the directories of several Chromium-based browsers.<\/p>\n This undocumented behavior occurs without user consent, raising significant privacy and security concerns within the cybersecurity community.<\/p>\n When a user installs Claude Desktop (Claude.app), the application automatically places a Native Messaging manifest file named\u00a0com.anthropic.claude_browser_extension.json into the application support folders of up to seven Chromium-based browsers, including Chrome, Brave, Edge, Arc, Vivaldi, and Opera.<\/p>\n For a browser extension to communicate with a local desktop application, it requires a Native Messaging host. This bridge operates outside the browser\u2019s secure sandbox, running with the same privileges as the user.<\/p>\n The manifest file preauthorizes three specific Chrome extension IDs to trigger the helper binary (chrome-native-host) located in the Claude Desktop app bundle.<\/p>\n Alarmingly, this installation happens automatically even if the user has never installed the Claude browser extension,<\/a> and even in directories for browsers that are not currently installed on the machine.<\/p>\n Furthermore, Claude Desktop rewrites these manifest files whenever it launches, making them difficult to remove permanently.<\/p>\n While the helper binary remains dormant until activated by one of the three pre-authorized extensions, its presence expands the user\u2019s machine\u2019s attack surface.<\/p>\n If an attacker successfully compromises one of the allowed extension IDs via an account takeover, a malicious Web Store update<\/a>, or a compromised build pipeline, they could achieve out-of-sandbox code execution.<\/p>\n The privacy risks are equally severe. According to Anthropic\u2019s own documentation, their browser integrations are designed to share login states, read the Document Object Model (DOM)<\/a>, extract structured data, and fill forms.<\/p>\n This means a fully activated bridge could allow the AI agent to read decrypted private messages, access banking portals, and capture passwords as they are typed.<\/p>\n Furthermore, Anthropic previously disclosed that its Claude for Chrome extension is vulnerable to prompt injection attacks<\/a>.<\/p>\n A successful prompt injection against the extension could, in theory, use the pre-installed Native Messaging bridge to execute commands on the host machine.<\/p>\n The core issue Hanff highlights<\/a> is the total lack of transparency. The software employs a \u201cdark pattern\u201d by forcing an integration across independent software boundaries without prompting the user to opt in.<\/p>\n Hanff noted that this silent deployment of dormant tracking and automation capabilities may be in direct violation of the EU\u2019s ePrivacy Directive and computer misuse regulations, which strictly govern the storage of information on a user\u2019s terminal equipment.<\/p>\n Standard cybersecurity practices dictate that such powerful system integrations should be installed only when a user actively requests them, be properly scoped to the targeted browser, and be visible within the application\u2019s settings.<\/p>\n As AI tools increasingly seek agentic control over our digital environments, enforcing strict user consent and transparent security boundaries remains critical.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Claude Desktop Reportedly Adds Browser Access Bridge to Multiple Chromium-Based Browsers<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nSecurity and Privacy Implications<\/strong><\/h2>\n