Claude Desktop Installs Undocumented Spyware
Critical Finding: Claude Desktop silently installed Native Messaging manifests in 7 Chromium-based browsers without user consent or disclosure.
What Was Found
The researcher discovered a file they never installed at:
~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
This is a Native Messaging manifest that pre-authorizes browser extensions to spawn Claude's binary with user permissions.
Affected Browsers
- Google Chrome
- Microsoft Edge
- Brave Browser
- Arc
- Vivaldi
- Opera
- Chromium
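To check a machine for manifests like the one described above, the following added example (not code from the original article or from Anthropic) walks a directory tree for any `NativeMessagingHosts` folder instead of hardcoding a path per browser. It reports each manifest's host name, target binary and allowed extension origins. `SAMPLE_MANIFEST`, its placeholder binary path and its extension ID are constructed for illustration.

```python
import json
import os
import tempfile
from pathlib import Path

# Constructed sample manifest; the binary path and extension ID are placeholders.
SAMPLE_MANIFEST = {
    "name": "com.anthropic.claude_browser_extension",
    "description": "constructed sample",
    "path": "/placeholder/path/to/native-host-binary",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/"],
}

def audit_native_messaging_hosts(root):
    """Return one record per *.json manifest in any NativeMessagingHosts dir under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != "NativeMessagingHosts":
            continue
        for filename in sorted(f for f in files if f.endswith(".json")):
            manifest = Path(dirpath) / filename
            record = {"manifest": str(manifest), "name": None, "binary": None,
                      "binary_exists": False, "allowed_origins": [], "error": None}
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
                if not isinstance(data, dict):
                    raise ValueError("top-level JSON value is not an object")
                record["name"] = data.get("name")
                record["binary"] = data.get("path")
                record["allowed_origins"] = data.get("allowed_origins", [])
                # A manifest whose binary is missing is stale; one whose binary
                # exists is a live launch point for the listed extension origins.
                record["binary_exists"] = (isinstance(record["binary"], str)
                                           and os.path.isfile(record["binary"]))
            except (OSError, ValueError) as exc:
                record["error"] = f"unreadable manifest: {exc}"
            findings.append(record)
    return sorted(findings, key=lambda r: r["manifest"])

def run_on_sample():
    """Audit a throwaway tree holding SAMPLE_MANIFEST under a Brave-style path."""
    with tempfile.TemporaryDirectory() as tmp:
        hosts = Path(tmp) / "BraveSoftware" / "Brave-Browser" / "NativeMessagingHosts"
        hosts.mkdir(parents=True)
        (hosts / "com.anthropic.claude_browser_extension.json").write_text(json.dumps(SAMPLE_MANIFEST))
        return audit_native_messaging_hosts(tmp)

if __name__ == "__main__":
    real_root = Path.home() / "Library" / "Application Support"  # macOS, as on the page
    for rec in audit_native_messaging_hosts(real_root) or run_on_sample():
        print(json.dumps(rec, indent=2))
```

Any manifest the user cannot attribute to software they chose to install, especially one whose binary exists, deserves a closer look at its `allowed_origins`.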
Capabilities Exposed
According to Anthropic's own documentation, when activated, the bridge enables:
- Session sharing: "Claude opens new tabs and shares your browser's login state"
- DOM reading: "Read console errors and DOM state directly"
- Data extraction: "Pull structured information from web pages"
- Task automation: "Automate repetitive browser tasks like data entry, form filling"
- Session recording: "Record browser interactions as GIFs"
Security Risk: The bridge runs outside the browser sandbox at user privilege level. Native Messaging hosts don't appear in macOS process or permission UI.
Legal Concerns
The author argues this violates:
- Article 5(3) of Directive 2002/58/EC (ePrivacy Directive)
- Multiple computer access and misuse laws
Additional Context
Anthropic's own documentation reports a prompt injection attack success rate of 23.6% before mitigations and 11.2% with current defenses.
Note: This is about Claude Desktop (com.anthropic.claudefordesktop), NOT Claude Code (the CLI developer tool), which has its own separately documented Native Messaging bridge.