Anthropic's Claude Desktop App Installs Undisclosed Native Messaging Bridge
letsdatascience.com
April 23, 2026
3 min read
🔥🔥🔥🔥🔥
48/100
Summary
Claude Desktop for macOS installs a Native Messaging manifest file that pre-authorizes the Claude browser extension and two other Chromium extension IDs. This manifest is created for Chromium-based browsers, allowing any future Chromium browser added to the machine to automatically grant access to the preauthorized extensions.
Key Takeaways
- Anthropic's Claude Desktop for macOS installs a preauthorized Native Messaging manifest file that allows browser extensions to communicate with a local binary without user consent.
- The manifest is created for Chromium-based browsers, enabling automatic access for extensions even if those browsers are not currently installed.
- The behavior raises privacy and legal concerns, potentially violating the ePrivacy Directive Article 5(3) due to the preauthorization of extensions and increased attack surface.
- Security researchers recommend auditing installed browser extensions and monitoring local messaging processes to mitigate risks associated with the preauthorized bridges.
Community Sentiment
Positives
- Native Messaging provides a secure way for browsers to communicate with local applications, enhancing functionality without compromising user safety.
- The hidden --sdk-url CLI option for Claude allows developers to create websocket endpoints, streamlining integration with local tools.
Concerns
- Concerns about Anthropic's ethics arise due to their association with Palantir, raising questions about their commitment to responsible AI practices.
- The lack of transparency regarding the Native Messaging bridge may undermine user trust, as it was not disclosed initially.
