Claude Desktop Preauthorizes Browser Extension Access on macOS, Raising Privacy Concerns
By CGMthrowaway
Summary
Anthropic's Claude Desktop for macOS installs a Native Messaging manifest file that pre-authorizes the Claude browser extension and two other Chromium extension IDs. The manifest is created for Chromium-based browsers even when those browsers are not installed, meaning any future Chromium browser added to the machine will automatically grant preauthorized extensions access to a local binary running outside the browser sandbox. This enables extensions to read pages, fill forms, capture screens, and access authenticated sessions without additional consent. Security researcher Alexander Hanff discovered the file, and Noah Kenney independently reviewed the findings. The behavior raises privacy and legal questions, including potential breaches of the ePrivacy Directive Article 5(3).
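A defender can check which extension IDs have been preauthorized by reading the `allowed_origins` list in each Native Messaging manifest. The following is an added example, not code from the article or from Anthropic: it walks a directory tree for `NativeMessagingHosts` manifests and flags those sitting in a browser data directory with no sign the browser has ever run. The host name, binary path, browser directory names and extension IDs are constructed sample values, and the "Local State" check is a heuristic assumption.

```python
import json
import tempfile
from pathlib import Path
PREFIX = "chrome-extension://"

def audit_native_hosts(app_support: Path) -> list:
    """Report every Native Messaging manifest found below app_support."""
    findings = []
    for manifest in sorted(app_support.rglob("*.json")):
        if manifest.parent.name != "NativeMessagingHosts":
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            data = None
        if not isinstance(data, dict):
            findings.append({"manifest": str(manifest), "error": "unparseable"})
            continue
        origins = data.get("allowed_origins")
        if not isinstance(origins, list):
            origins = []
        findings.append({
            "manifest": str(manifest),
            "host": data.get("name"),
            "binary": data.get("path"),  # local program the extensions may launch
            "extension_ids": [o[len(PREFIX):].strip("/") for o in origins
                              if isinstance(o, str) and o.startswith(PREFIX)],
            # Assumption: a Chromium browser that has run keeps "Local State" here.
            "browser_profile_present":
                (manifest.parent.parent / "Local State").exists(),
        })
    return findings

def build_demo_tree() -> Path:
    """Constructed sample: one browser that has run, one never installed."""
    root = Path(tempfile.mkdtemp())
    manifest = {"name": "com.example.bridge", "type": "stdio",
                "path": "/Applications/Example.app/Contents/Helpers/bridge",
                "allowed_origins": [f"{PREFIX}{c * 32}/" for c in "abc"]}
    for browser, has_run in (("BrowserA", True), ("BrowserB", False)):
        hosts = root / browser / "NativeMessagingHosts"
        hosts.mkdir(parents=True)
        (hosts / "com.example.bridge.json").write_text(json.dumps(manifest))
        if has_run:
            (hosts.parent / "Local State").write_text("{}")
    return root

if __name__ == "__main__":
    for finding in audit_native_hosts(build_demo_tree()):
        print(finding)
```

On a real Mac, pass `Path.home() / "Library/Application Support"` instead of the demo tree; entries with `browser_profile_present` set to `False` are the manifests written for browsers that are not installed.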
Key quotes
The manifest is created for Chromium-based browsers even when those browsers are not installed, meaning any future Chromium browser added to the machine will automatically grant the preauthorized extensions access to a local binary.
That local bridge runs at user privilege outside the browser sandbox, enabling extensions to read pages, fill forms, capture screens, and access authenticated sessions without additional consent.
The behavior raises privacy and legal questions, including potential breaches of the ePrivacy Directive Article 5(3).
