According to the findings, the application silently installs a Native Messaging bridge across multiple Chromium-based browsers without user consent.
This behavior introduces out-of-sandbox browser automation capabilities, effectively bypassing standard security boundaries.
The lack of user awareness or approval has triggered alarms among cybersecurity experts and privacy advocates.
Native Messaging Bridge Discovery
The investigation focuses on a configuration file named com.anthropic.claude_browser_extension.json. Hanff discovered this file while debugging an unrelated project on his MacBook.
Further analysis revealed that Claude Desktop automatically writes this manifest into the application support directories of seven Chromium-based browsers: Google Chrome, Brave, Microsoft Edge, Chromium, Arc, Vivaldi, and Opera.
Notably, the application installs these files even for browsers that are not present on the system or officially supported.
Additionally, the files are recreated every time Claude Desktop launches, making manual removal ineffective unless the application is fully uninstalled.
The Native Messaging bridge acts as a pre-authorized communication channel between browser extensions and a local executable called chrome-native-host, located within the Claude app bundle.
This executable runs outside the browser sandbox with full user-level privileges. It allows specific pre-approved Chrome extensions to execute commands directly on the host system.
Such access enables powerful capabilities, including reading full DOM content, extracting structured web data, sharing authenticated session states, automating form submissions, and even performing background screen recording.
These capabilities significantly increase the attack surface of affected systems. If exploited, attackers could interact with sensitive platforms such as banking portals, enterprise dashboards, or administrative systems as the logged-in user.
Anthropic’s own data indicates that Claude for Chrome remains susceptible to prompt injection attacks, with an 11.2% success rate despite existing safeguards.
A successful injection could allow attackers to leverage the bridge for local code execution.
Additionally, if any of the pre-authorized extensions are compromised through a malicious update or supply chain attack, threat actors could gain immediate access to the user’s system.
Hanff described the behavior as a “dark pattern” and warned that it may violate the EU ePrivacy Directive and computer misuse laws.
He emphasized that even dormant capabilities pose risks, especially when users are unaware of persistent system-level integrations.
The hidden installation undermines the browser trust model and creates long-term privacy concerns.
Security experts recommend that Anthropic adopt a strict opt-in model for browser integrations. Users should be clearly informed and required to provide explicit consent before any installation.
Additional recommendations include limiting support to user-selected browsers and providing transparent controls to manage or revoke permissions.
Until fixes are implemented, organizations using Claude Desktop on macOS are advised to audit systems for the com.anthropic.claude_browser_extension.json file and assess compliance with internal security policies.
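One way to run the audit described above, as an added example that is not code from the article, Hanff, or Anthropic: it walks a user's application support tree for the manifest and reports the host executable and the extension origins each copy pre-authorizes. The default root path and the function name are assumptions; `path` and `allowed_origins` are standard Native Messaging manifest keys.

```python
import json
import os
from pathlib import Path

# File name reported in the article.
MANIFEST_NAME = "com.anthropic.claude_browser_extension.json"
# Assumption: per-user macOS directory under which Chromium-based browsers
# keep their NativeMessagingHosts folders.
DEFAULT_ROOT = Path.home() / "Library" / "Application Support"


def find_manifests(root=DEFAULT_ROOT):
    """Return one finding per copy of the manifest below root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        # Browsers only read host manifests from NativeMessagingHosts folders.
        if folder.name != "NativeMessagingHosts" or MANIFEST_NAME not in files:
            continue
        manifest = folder / MANIFEST_NAME
        finding = {
            "manifest": str(manifest),
            "browser_dir": str(folder.parent.relative_to(root)),
            "host_path": None,      # executable the browser would launch
            "allowed_origins": [],  # extensions pre-authorized to call it
            "error": None,
        }
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(data, dict):
                raise ValueError("top-level JSON value is not an object")
            origins = data.get("allowed_origins") or []
            if not isinstance(origins, list):
                raise ValueError("allowed_origins is not a list")
            finding["host_path"] = data.get("path")
            finding["allowed_origins"] = [str(o) for o in origins]
        except (OSError, ValueError) as exc:
            finding["error"] = str(exc)
        findings.append(finding)
    return sorted(findings, key=lambda f: f["manifest"])


if __name__ == "__main__":
    for f in find_manifests():
        status = f["error"] or f"host={f['host_path']} origins={f['allowed_origins']}"
        print(f"{f['browser_dir']}: {status}")
```

Because the article reports that the files are recreated at every launch, a finding that reappears after deletion is expected; run the check per user account, since the manifests live under each user's home directory.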
The post Claude Desktop Reportedly Adds Browser Access Bridge for Multiple Chromium-Based Browsers appeared first on Cyber Security News.
