Anthropic installs spyware when you install Claude Desktop

Anthropic’s Claude Desktop application silently installs undocumented browser integration files on macOS, creating potential security vulnerabilities by pre-authorizing access to user browser sessions and data that the user never approved.

Key Points

  • Claude Desktop automatically installs "Native Messaging" manifests into Chromium-based browsers, including Brave, Chrome, Edge, and others, without user consent.
  • These manifests allow browser extensions to bypass standard sandboxing and execute code at the user's privilege level.
  • The integration is pre-installed even for browsers not currently present on the user's machine, creating a dormant "back door" for future use.
  • Claude Desktop logs confirm the software repeatedly rewrites these configuration files, ensuring they persist even if a user manually deletes them.
  • The installed bridge enables capabilities such as reading browser DOM state, extracting data, and automating form filling, which could expose sensitive authenticated sessions.
  • Anthropic’s documentation claims the integration is limited to Chrome and Edge, contradicting the software's behavior of installing across seven different browser paths.
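
To check the behaviour described in the Key Points on your own machine, the following added example (not code from the original article or from Anthropic) walks a directory tree for Chromium-style `NativeMessagingHosts` folders and summarises each manifest it finds; run as a script it scans the per-user `~/Library/Application Support` directory on macOS. The `browser_data_present` heuristic, the host name `com.example.bridge` and the `ExampleBrowser*` folders are assumptions constructed for illustration.

```python
import json
from pathlib import Path

def audit_native_messaging(root: Path) -> list:
    """Summarise every Native Messaging host manifest found under root."""
    findings = []
    if not root.is_dir():
        return findings
    for hosts_dir in sorted(root.rglob("NativeMessagingHosts")):
        if not hosts_dir.is_dir():
            continue
        browser_dir = hosts_dir.parent
        # Heuristic (assumption): no sibling entries next to the manifest
        # folder suggests the browser has never been run for this user.
        siblings = [p for p in browser_dir.iterdir() if p != hosts_dir]
        for manifest in sorted(hosts_dir.glob("*.json")):
            entry = {"manifest": str(manifest),
                     "browser_dir": str(browser_dir.relative_to(root)),
                     "browser_data_present": bool(siblings),
                     "mtime": manifest.stat().st_mtime}  # changes on rewrite
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
                if not isinstance(data, dict):
                    raise ValueError("manifest is not a JSON object")
            except (OSError, ValueError) as exc:
                entry["error"] = str(exc)
            else:
                host = Path(str(data.get("path", "")))
                entry.update(host_name=data.get("name"), host_binary=str(host),
                             binary_exists=host.is_file(),
                             allowed_origins=data.get("allowed_origins", []))
            findings.append(entry)
    return findings

def build_sample_tree(root: Path) -> None:
    """Constructed sample: browser A has profile data, browser B has none."""
    manifest = {"name": "com.example.bridge", "type": "stdio",
                "path": "/nonexistent/example-host",
                "allowed_origins": ["chrome-extension://" + "a" * 32 + "/"]}
    for browser, has_profile in (("ExampleBrowserA", True), ("ExampleBrowserB", False)):
        hosts = root / browser / "NativeMessagingHosts"
        hosts.mkdir(parents=True)
        (hosts / "com.example.bridge.json").write_text(json.dumps(manifest))
        if has_profile:
            (root / browser / "Default").mkdir()

if __name__ == "__main__":
    for item in audit_native_messaging(Path.home() / "Library" / "Application Support"):
        print(json.dumps(item, indent=2))
```

Comparing `mtime` between two runs, one before and one after deleting a manifest and relaunching the desktop application, shows whether the file is being rewritten.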

Why it Matters

This practice raises significant privacy and security concerns by establishing a persistent, out-of-sandbox bridge between a desktop application and a user's web browser without explicit opt-in. By bypassing standard consent models, Anthropic risks violating data protection regulations and undermining the security posture of browsers that users specifically choose for their privacy features.
Thatprivacyguy.com Published by Alexander Hanff