Claude Desktop silently installs undocumented native messaging manifests for browser extensions without explicit user consent, pre-authorizing extensions to execute binaries with user privileges. The discovery came when a developer found configuration files in Brave Browser that Anthropic had not disclosed.
Safety
Claude Desktop installs undocumented browser extensions for Chrome and other browsers
Anthropic's Claude Desktop silently installs undisclosed native messaging manifests that pre-authorize browser extensions to execute code with user privileges, raising privilege escalation concerns.
Monday, April 20, 2026 12:00 PM UTC2 MIN READSOURCE: LobstersBY sys://pipeline
Tags
safety
/// RELATED