%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Safety expert Alexander Hanff exposed security vulnerabilities in the Claude Desktop application of Anthropic on his personal blog. He pointed out that the application silently installs Native Messaging bridge files for seven Chromium browsers, including Chrome, Brave, and Edge, without the user's knowledge, which could have potential spyware capabilities.
According to Hanff's investigation, after installing Claude Desktop, the application automatically writes a bridge file named com.anthropic.claude_browser_extension.json into the configuration directories of multiple browsers, even if some browsers are not installed. This practice means that if users install these browsers in the future, the Claude extension will be able to gain relevant permissions without asking for user consent again.
The main function of this bridge file is to allow specific browser extensions to call local executable programs. According to Anthropic's official documentation, this component has powerful browser automation capabilities, enabling operations such as opening new tabs, sharing login states, reading DOM content, filling forms, and recording screens. This allows Claude to access sensitive websites, including banking and tax sites, on behalf of the user once the corresponding extension is installed, and it can run outside the browser sandbox with user-level permissions.
Hanff also pointed out that according to Anthropic's official data, the success rate of prompt injection attacks on its Chrome extension is approximately 11.2%, which poses a risk of attackers taking over user browser sessions through infected extensions or malicious websites. Hanff believes that this unauthorized behavior violates multiple security principles, including forced bundling and breaking trust boundaries, and users cannot discover or manage this component through the regular interface.
Hanff called on Anthropic to immediately remove this component or install it only after clearly informing users and obtaining their authorization. This incident reminds users to be vigilant when installing software to ensure their privacy and data security.
Key Points:
🌐 Hanff pointed out that the Claude Desktop application installed bridge files for multiple browsers without user consent.
🔍 The installed bridge files enable extensions to have strong browser automation capabilities, posing a security risk.
⚠️ Hanff called on Anthropic to remove this component or install it only after obtaining user authorization.