Anthropic's Claude Desktop App Installs Undisclosed Native Messaging Bridge

Users split: normal feature or sneaky shortcut that skips your browser’s safeguards

TLDR: Anthropic’s Mac app pre‑installs a bridge so its browser add‑on can talk to a local helper, raising privacy and security questions. Commenters split between “standard extension plumbing” and “sneaky pre‑approval,” with EU privacy worries and a side of “Chrome does worse” sparking extra drama.

Anthropic’s Claude Desktop on Mac quietly drops a “bridge” that lets its Chrome-style browser add‑on talk directly to a local helper app—even if you don’t have a Chromium browser yet. So when you later install one, it’s already pre‑cleared. Security folks say this bypasses normal browser walls and could read pages, autofill, or screen‑grab if abused. Cue drama: one top comment grimaced, “not as ethical as they say,” while another coder confessed they just learned about this and actually want it to connect their browser to local tools. Researchers warn crafty sites can trick helpers; even Anthropic’s own data suggests it still slips sometimes.

The thread is a tug‑of‑war. A defender waved it off as a “nothing‑burger,” noting you still must install the extension and click a permission that literally says it can talk to native apps. Others went full “whataboutism”: “Chrome does worse.” Then came meta‑drama: a prior post was flagged off the front page, fueling conspiracy vibes. Privacy hawks name‑dropped EU rules, while pros advised checking your Library folders for surprise bridge files. The mood: half “standard plumbing,” half “sneaky pre‑approval,” with meme‑energy of “trust‑but‑verify.” Expect audits, patches, and many “is this normal?” debates as regulators and users poke at the fine print.

Key Points

  • Claude Desktop for macOS installs a Native Messaging manifest pre-authorizing three Chromium extension IDs, including Claude for Chrome.
  • The manifest is installed even if no Chromium-based browser is present, enabling automatic extension-to-native communication later without new consent.
  • Native Messaging bridges run with user OS privileges and bypass the browser sandbox, enabling actions like reading pages, autofilling forms, screen capture, and using authenticated sessions.
  • Anthropic’s safety metrics report prompt-injection vulnerability rates of 23.6% (no mitigations) and 11.2% (with current mitigations), which could enable pivoting through the bridge.
  • Mitigations include removing unexpected manifests from ~/Library or /Library; the article anticipates EU regulatory scrutiny and potential Anthropic advisories or patches.
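The manifest mechanism and the "check your Library folders" mitigation above, as an added example that is not code from the article or from Anthropic: a small macOS audit that reads the Native Messaging host manifests from the directories Chrome and Chromium document and reports which helper binary each one launches and which extension IDs it pre-authorizes. The sample manifest, its helper path and its 32-character extension ID are constructed placeholders.

```python
import json
from pathlib import Path

# Manifest directories Chromium-based browsers read on macOS (user-level, then
# machine-wide); these are the locations Chrome and Chromium document.
MANIFEST_DIRS = [
    "~/Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "~/Library/Application Support/Chromium/NativeMessagingHosts",
    "/Library/Google/Chrome/NativeMessagingHosts",
    "/Library/Application Support/Chromium/NativeMessagingHosts",
]
ORIGIN_PREFIX = "chrome-extension://"

# Constructed sample manifest; the helper path and extension ID are placeholders.
SAMPLE_MANIFEST = json.dumps({
    "name": "com.example.bridge", "description": "sample", "type": "stdio",
    "path": "/Applications/Example.app/Contents/MacOS/helper",
    "allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/"],
})

def extension_ids(manifest: dict) -> list[str]:
    """Extension IDs the manifest pre-authorizes through allowed_origins."""
    origins = manifest.get("allowed_origins", [])
    return [o[len(ORIGIN_PREFIX):].strip("/") for o in origins if o.startswith(ORIGIN_PREFIX)]

def audit_manifest(text: str, expected_ids: set[str]) -> dict:
    """Report which helper a manifest launches and which extensions may reach it."""
    m = json.loads(text)
    ids = extension_ids(m)
    path = m.get("path")
    return {
        "name": m.get("name"),
        "helper": path,
        "helper_exists": Path(path).exists() if path else False,
        "extension_ids": ids,
        # Any ID you did not deliberately install is worth a closer look.
        "unexpected_ids": [i for i in ids if i not in expected_ids],
    }

def scan(expected_ids: set[str], dirs=MANIFEST_DIRS) -> list[dict]:
    """Audit every *.json host manifest found in the given directories."""
    findings = []
    for d in dirs:
        # A missing directory simply yields no manifests.
        for f in sorted(Path(d).expanduser().glob("*.json")):
            report = audit_manifest(f.read_text(), expected_ids)
            report["manifest"] = str(f)
            findings.append(report)
    return findings
```

Run `scan(expected_ids={...})` with the IDs of the extensions you installed on purpose; every manifest whose `unexpected_ids` is non-empty pre-clears an extension you did not expect.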

Hottest takes

"I am beginning to suspect that Anthropic may not be as ethical as they purport themselves to be." — honeycrispy
"Personally, this is a nothing-burger." — horsawlarway
"Google Chrome installs a bunch of spyware too, nobody bats an eye" — midtake
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.