April 23: online security expert Alexander Hanff published a blog post on April 18 stating that Anthropic's Claude Desktop application silently installed a Native Messaging bridge into seven Chromium-based browsers without the user's knowledge.

Hanff's investigation found that after the user installed Claude Desktop, Anthropic automatically wrote the same bridge manifest file to the configuration directories of seven browsers, including Chrome, Brave and Edge, without the user's consent, and even created the corresponding directory for browsers the user had not installed. This means that if the user installs any of those browsers in the future, the Claude extension will automatically be granted access without additional consent.
The bridge file is named com.antropic.claude_browser_extension.json. Hanff verified, using code signatures and tracking metadata from macOS, that the installation was officially signed and notarized by Anthropic and that the file was indeed written by Claude Desktop.
The core function of the file is to allow specific browser extensions to call a local executable. Anthropic's official documentation shows that this component has strong browser automation capabilities, including opening new tabs, sharing login state, reading DOM content, filling in forms and recording the screen. This means that once the user has installed a corresponding extension, the program can access sensitive websites such as banking and tax sites as the user, and it runs outside the browser sandbox with user-level privileges.
With regard to security risks, Anthropic's own data indicate that malicious attacks against its Chrome extension have a success rate of approximately 11.2%. This gives attackers a potential path to take over the browser session through compromised extensions or malicious web pages.
In the blog post, Hanff noted that this behavior violates a number of principles. The first is that it forcibly breaches trust boundaries, overstepping its authority by modifying the configuration of third-party browsers. The second is the lack of transparency: the user cannot discover or manage the component through any regular interface, and when the file is deleted, Claude Desktop automatically reinstalls it at the next start.
Hanff considers this a kind of "spyware" that allegedly violates Article 5, paragraph 3, of EU Directive 2002/58/EC on the storage of information by information society services. He suggested that Anthropic should remove the component immediately, or change its approach so that the component is installed only after the user has been clearly informed and has given authorization.
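
One way to audit for the kind of manifest described above, as an added example that is not from Hanff's post or from Anthropic: it lists every Native Messaging host manifest in the per-user macOS directories of Chrome, Brave and Edge, shows which executable and extension origins each one authorizes, and flags directories that belong to browsers that are not installed. The directory layout, app bundle names and the `/Applications` install check are assumptions, and the script goes beyond the single manifest in the article by reporting all hosts it finds.

```python
import json
from pathlib import Path

# Assumed per-user macOS layout: profile directory under
# ~/Library/Application Support, and app bundle name, for three browsers.
BROWSERS = {
    "Chrome": ("Google/Chrome", "Google Chrome.app"),
    "Brave": ("BraveSoftware/Brave-Browser", "Brave Browser.app"),
    "Edge": ("Microsoft Edge", "Microsoft Edge.app"),
}

def audit(support_dir, apps_dir):
    """Return one finding per Native Messaging host manifest on disk."""
    findings = []
    for browser, (profile, bundle) in BROWSERS.items():
        host_dir = Path(support_dir) / profile / "NativeMessagingHosts"
        if not host_dir.is_dir():
            continue
        installed = (Path(apps_dir) / bundle).exists()
        for manifest in sorted(host_dir.glob("*.json")):
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                data = {}  # unreadable or malformed: still report the file
            if not isinstance(data, dict):
                data = {}
            binary = str(data.get("path", ""))
            findings.append({
                "browser": browser,
                "browser_installed": installed,  # False: pre-seeded directory
                "manifest": manifest.name,
                "binary": binary,  # executable the extension may launch
                "binary_exists": bool(binary) and Path(binary).is_file(),
                "allowed_origins": data.get("allowed_origins", []),
            })
    return findings

def duplicated_hosts(findings):
    """Map manifest names found under more than one browser to those browsers."""
    seen = {}
    for f in findings:
        seen.setdefault(f["manifest"], set()).add(f["browser"])
    return {name: sorted(b) for name, b in seen.items() if len(b) > 1}

if __name__ == "__main__":
    results = audit(Path.home() / "Library/Application Support", "/Applications")
    for f in results:
        print(f["browser"], f["browser_installed"], f["manifest"], f["binary"], f["allowed_origins"])
    print("same host under several browsers:", duplicated_hosts(results))
```

Running it before and after launching a desktop application shows whether that application rewrites a manifest that was deleted.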