News Feed Curation SNS Dashboard Journal

Anthropic's Claude Desktop App Installs Undisclosed Native Messaging Bridge

hackernews | 📰 News
#anthropic #claude #vulnerability/security

Summary

A security weakness has come to light: Anthropic's Claude Desktop app automatically creates Native Messaging manifest files for Chromium-based browsers, including browsers that are not installed. As a result, an extension in a browser installed later can communicate with a local executable without any further consent from the user, gaining capabilities such as reading pages, autofilling forms, and accessing authenticated sessions. Experts pointed out that this raises privacy and legal concerns, since it pre-grants extensions permissions that bypass the browser sandbox.

Why it matters

Developer perspective

Under review

Researcher perspective

Under review

Business perspective

Under review

Body

# Claude Desktop Installs Preauthorized Browser Extension Manifests

Source: ghacks.net (1 source) | April 21, 2026 | Relevance score 7.8 | Security & Risk | anthropic, native messaging, browser security, macos privacy
Photo: ghacks.net

## Quick Summary

Anthropic's **Claude Desktop** for macOS installs a Native Messaging manifest file named com.anthropic.claude_browser_extension.json that pre-authorizes the Claude browser extension and two other Chromium extension IDs. The manifest is created for Chromium-based browsers even when those browsers are not installed, so any Chromium browser added to the machine later will automatically grant the preauthorized extensions access to a local binary.

That local bridge runs at user privilege outside the browser sandbox, enabling extensions to read pages, fill forms, capture screens, and access authenticated sessions without additional consent. Security researcher Alexander Hanff discovered the file; Noah Kenney independently reviewed the findings. The behavior raises privacy and legal questions, including a potential breach of the ePrivacy Directive Article 5(3).

Anthropic's **Claude Desktop** on macOS creates a Native Messaging manifest file, com.anthropic.claude_browser_extension.json, that pre-authorizes three Chromium extension IDs, including **Claude for Chrome**. The manifest is written even for Chromium-based browsers that are not currently installed, so any such browser added later will automatically allow the extension to communicate with a local binary without user consent.

Native Messaging manifests define a bridge between browser extensions and a local executable; that bridge runs with the user's OS privileges and therefore outside the browser sandbox. With the manifest preinstalled, an extension can exchange messages with the local binary to read page contents, autofill forms, capture the screen, and use authenticated sessions.

Anthropic's safety metrics indicate prompt-injection vulnerability rates of **23.6 percent** without mitigations and **11.2 percent** with current measures. These numbers matter because a successful injection could pivot through the extension to the local bridge. The key artifacts identified are the com.anthropic.claude_browser_extension.json manifest and the set of authorized extension IDs.
* Inspect and remove unexpected Native Messaging manifest files from ~/Library or /Library if they are present and not required by trusted software
* Audit installed browser extensions and block unknown extension IDs, or reauthorize them only through explicit user flows
* Monitor processes that accept local messages and apply OS-level least-privilege controls

This is a classic privilege and preauthorization risk: a desktop companion app increases the attack surface by pre-granting cross-process capabilities. The behavior also intersects with privacy law; researcher Alexander Hanff flagged potential noncompliance with ePrivacy Directive Article 5(3). Independent reviewer Noah Kenney highlighted that pre-authorized bridges are persistent and difficult for users to discover or remove, which broadens the threat model for browser-based attacks. Expect regulatory scrutiny in the EU, security advisories or patches from Anthropic, and audits of other desktop-app tooling that uses Native Messaging. Operators should validate manifests and require explicit, runtime consent for any local bridge.

## Scoring Rationale

This is a notable security/privacy finding affecting a widely used AI desktop client that creates persistent, preauthorized local bridges. It materially raises attack surface and regulatory risk for Anthropic and users, but it is not yet a systemic industry-wide compromise.
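The first recommendation above, inspecting the Native Messaging manifests under ~/Library, can be automated. The script below is an added example and is not code from the article, ghacks.net or Anthropic; it parses manifests in the documented Chromium Native Messaging format and flags the conditions the article describes: a host not on a trusted list, a bridge binary that is missing, and a manifest present for a browser that is not installed. The Chrome directory and app-bundle path are assumptions about a standard macOS install, and the sample manifest is constructed with placeholder values.

```python
import json
import os
from pathlib import Path

# Google-documented user-level Chrome manifest directory on macOS; the app
# bundle path is an assumed location used to detect "browser not installed".
CHROME_DIR = "~/Library/Application Support/Google/Chrome/NativeMessagingHosts"
CHROME_APP = "/Applications/Google Chrome.app"

# Constructed sample in the documented manifest format; all values are placeholders.
SAMPLE_MANIFEST = {
    "name": "com.example.browser_bridge",
    "path": "/Applications/Example.app/Contents/MacOS/bridge",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/"],
}

def audit_manifest(data, browser_app, trusted_hosts):
    """Return the findings for one parsed Native Messaging host manifest."""
    findings = []
    name = data.get("name", "<unnamed>")
    if name not in trusted_hosts:
        findings.append("host not on trusted list")   # unknown local bridge
    if data.get("type") != "stdio":
        findings.append("unexpected type %r" % data.get("type"))
    binary = data.get("path", "")
    if not os.path.isabs(binary):
        findings.append("bridge path is not absolute")
    elif not os.path.exists(binary):
        findings.append("bridge binary missing")        # stale manifest
    if not os.path.isdir(browser_app):
        findings.append("browser not installed")        # the article's case
    return findings

def audit_directory(manifest_dir, browser_app, trusted_hosts):
    """Map manifest filename -> findings for each *.json in one browser's dir."""
    d = Path(manifest_dir).expanduser()
    results = {}
    for path in (sorted(d.glob("*.json")) if d.is_dir() else []):
        try:
            data = json.loads(path.read_text())
        except ValueError:
            results[path.name] = ["unparseable JSON"]
            continue
        results[path.name] = audit_manifest(data, browser_app, trusted_hosts)
    return results

if __name__ == "__main__":  # scan the user-level Chrome directory on this Mac
    print(audit_directory(CHROME_DIR, CHROME_APP, {"com.example.browser_bridge"}))
```

The same scan can be pointed at the system-level /Library/Google/Chrome/NativeMessagingHosts directory, or at another Chromium browser's profile directory, by changing the two constants.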
News on Let's Data Science is compiled from multiple public sources with editorial oversight. © 2026 Let's Data Science
