Claude Desktop for macOS installs a Native Messaging manifest file that pre-authorizes Anthropic's browser extensions across Chromium-based browsers without informing users or asking for permission. Privacy consultant Alexander Hanff discovered this while debugging a different application that used the Native Messaging API.
The file, named com.anthropic.claude_browser_extension.json, is a Native Messaging manifest that authorizes three Chrome extension IDs, including the Claude extension for Chrome, to communicate with a local binary on the device. Notably, the file is created for browsers not yet installed on the system, which means any future Chromium-based browser added to the device will automatically grant Claude access upon installation, without any extra consent needed.
Anthropic did not respond to requests for comment.
What Claude Desktop’s Native Messaging File Does And Its Security Implications
Native Messaging manifests enable browser extensions to communicate with local programs outside the browser's sandbox. The binary bridge specified in the manifest runs with user privileges and does not trigger permission prompts. Once authorized through this mechanism, Claude in Chrome can read web pages, fill out forms, capture the screen, and access authenticated sessions.
Anthropic's safety documentation indicates that Claude for Chrome is vulnerable to prompt injection with a success rate of 23.6 percent without mitigations and 11.2 percent with current measures in place.
When the Native Messaging bridge is pre-installed, a successful prompt injection can potentially route through the extension and the bridge to a binary running outside the browser sandbox at the user's privilege level. Noah Kenney, founder of the advisory firm Digital 520, reviewed these findings independently. He described the situation as creating a persistent, pre-authorized connection from browser extensions to a local executable outside the sandbox environment.
The extension and bridge are installed without clear user awareness and are resistant to removal. Kenney said this significantly broadens the attack surface.
Legal Concerns Under EU Law and Current Status
Hanff argues that this behavior breaches Article 5(3) of the ePrivacy Directive, which mandates explicit consent before storing information on a user's device unless it is strictly necessary for delivering the service. Kenney, who is not a lawyer but shares this view, considers the legal risk to be credible.
"Silent installation of cross-application integrations, especially into browsers that users haven't opted into, is likely to go beyond that exemption," Kenney explained. He noted that European regulators tend to interpret "strictly necessary" narrowly and are increasingly scrutinizing silent system modifications across application boundaries.
Hanff has not submitted a formal regulatory complaint but says he plans to do so if Anthropic does not address the installation process. There is also an unresolved bug in Claude Desktop's Native Messaging host, which causes conflicts between Claude Code and Claude Desktop registrations. This issue was automatically closed by a GitHub bot on February 28 without a resolution. Anthropic has not released a public response or acknowledged the findings.
Thank you for being a Ghacks reader. The post Claude Desktop Silently Installs Browser Extension Files for Browsers Not Installed appeared first on gHacks.
☞ El artículo completo original de Arthur Kay lo puedes ver aquí
No hay comentarios.:
Publicar un comentario