Alexander Hanff found that Claude Desktop silently installs a native messaging bridge that pre-authorizes browser extensions to communicate with local executables, enabling browser automation, DOM access, session sharing, and other elevated actions without user consent. The manifest is autonomously generated across multiple Chromium browsers, persists and is rewritten on launch with no opt-out or UI, creating a risk of surveillance and data exfiltration unless Claude desktop is fully uninstalled. #ClaudeDesktop #BraveBrowser
Keypoints
- Claude Desktop installs a native messaging bridge that enables extensions to operate outside the browser sandbox.
- A JSON manifest was auto-created in Brave pre-authorizing three extension IDs to invoke a localhost executable.
- The bridge supports browser automation, DOM and console monitoring, form filling, structured extraction, and session recording.
- The manifest persists across seven Chromium-based browsers, is rewritten on each launch, and offers no notification or opt-out.
- If abused via prompt injection or malicious extensions, the component could expose authenticated banking, healthcare, and corporate sessions and enable data exfiltration.
Read More: https://securityonline.info/claude-desktop-native-messaging-bridge-privacy-risk-alexander-hanff/