{"id":7943,"date":"2026-04-27T17:32:47","date_gmt":"2026-04-27T17:32:47","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=7943"},"modified":"2026-04-27T17:32:47","modified_gmt":"2026-04-27T17:32:47","slug":"claude-desktops-silent-browser-link-sparks-privacy-concerns","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=7943","title":{"rendered":"Claude Desktop\u2019s Silent Browser Link Sparks Privacy Concerns"},"content":{"rendered":"<p>A security researcher has just uncovered concerning behavior in Claude Desktop that quietly sets up browser-level access without clearly informing users, raising concerns about how much access the app actually has.<\/p>\n<p>Central to this concern is how Claude Desktop uses Native Messaging, an API that enables communication between browsers and local desktop apps.\u00a0<\/p>\n<p>Security researcher Alexander Hanff <a href=\"https:\/\/www.thatprivacyguy.com\/blog\/anthropic-spyware\/\">discovered the behavior<\/a> on his Mac during a debug session. He found that installing Claude Desktop adds a Native Messaging manifest file into the directories of several Chromium-based browsers, including browsers not yet installed. That file pre-approves three Chrome extension IDs for automatic access to <a href=\"https:\/\/www.thatprivacyguy.com\/blog\/anthropic-spyware\/\" target=\"_blank\" rel=\"noopener\">Claude Desktop<\/a>, without the user\u2019s explicit approval.<\/p>\n<h2 class=\"wp-block-heading\">What the researcher found<\/h2>\n<p>On its own, the Native Messaging API isn\u2019t malicious. The three extensions themselves haven\u2019t been proven malicious. The behavior, however, is what is concerning.<\/p>\n<p>Hanff, who, in his report, claims he has never installed any Claude extensions on his Mac, was able to link the manifest files to the Claude Desktop app he installed. Claude Desktop is simply the desktop version of the Claude web interface, which sets it apart from <a href=\"https:\/\/www.eweek.com\/news\/anthropic-launches-cowork-desktop-agent-neuron\/\">Claude Code<\/a>.<\/p>\n<p>According to him, the manifest file is automatically created and distributed to multiple Chromium-based browsers, including browsers he didn\u2019t have on his Mac. All happening without his consent or knowledge.<\/p>\n<p>The manifest\u2019s role is simple: to register Claude Desktop as a Native Messaging host, thereby making it a recognized endpoint for browser communication. As a result, any of the three whitelisted extensions can immediately establish a connection to Claude Desktop when installed, bypassing the need for an explicit user permission prompt.\u00a0<\/p>\n<p>Hanff calls this \u201ca dark pattern.\u201d He further says such an act is in direct violation of certain European Union computer access and misuse laws, which, on the observed scale, matter significantly, given Anthropic\u2019s perceived stance on <a href=\"https:\/\/www.eweek.com\/news\/anthropic-claude-constitution\/\">AI safety and ethics<\/a>.<\/p>\n<p>However, Hanff isn\u2019t the only one who\u2019s noticed this weird pattern. <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2026\/04\/researcher-claims-claude-desktop-installs-spyware-on-macos\" target=\"_blank\" rel=\"noopener\">Malwarebytes reports that users across Mastodon, Reddit, and LinkedIn<\/a> have noticed and reported on the behavior.\u00a0<\/p>\n<p>Noah M. Kenney, security researcher at Digital 520, in an email to <a href=\"https:\/\/www.theregister.com\/2026\/04\/20\/anthropic_claude_desktop_spyware_allegation\/\" target=\"_blank\" rel=\"noopener\">The Register<\/a>, validated Hanff\u2019s discovery, but broke ranks over his peer\u2019s blunt characterization of the issue as \u201cspyware.\u201d<\/p>\n<p>While the behavior was observed on Macs, its status on Windows and Linux remains unconfirmed. And until separate or extended analysis of the behavior sheds light on these two operating systems, Malwarebytes says it is \u201cin the dark about the behavior on Windows and Linux.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Anthropic\u2019s response<\/h2>\n<p>So far, the company has made no public comments on this, which is very unusual, given the number of confirmations it has generated across platforms.<\/p>\n<p>Now, there could be lots of directions to spin this around, but until Anthropic gives a statement, we can never tell for sure what\u2019s going on. <a href=\"https:\/\/www.gadgetreview.com\/claude-desktop-is-messing-with-your-settings-find-out-why-even-uninstalled-browsers-are-affected\" target=\"_blank\" rel=\"noopener\">According to Gadget Review<\/a>, even Claude Desktop\u2019s documentation says nothing about this behavior.<\/p>\n<p>We suspect Anthropic may be taking careful steps here and will likely address the issue this week. Until then, the story still hangs in the balance.<\/p>\n<h2 class=\"wp-block-heading\">A difficult, but not impossible, removal of this behavior<\/h2>\n<p>Hanff says removing such a bridge across Chromium browsers is possible, but quite difficult, especially for people who are not very technical.\u00a0<\/p>\n<p>First, it requires that you even notice that these manifest files are present on your Mac. To find and delete these files, use this command:<\/p>\n<p>$ find ~\/Library\/Application Support -name \u201ccom.anthropic.claude_browser_extension*\u201d<\/p>\n<p>The command shows you the location of the manifest files, which you can delete. But there is a catch. Deleting the files will only create another one the next time you run Claude Desktop. To stop the addition of new manifest files, you need to compromise by uninstalling the app entirely. At least until Anthropic fixes the behavior, using the methods Hanff proposed in his report.\u00a0<\/p>\n<p><strong>Because Claude Desktop is a web wrapper, you can still get <\/strong><a href=\"https:\/\/www.eweek.com\/news\/best-claude-use-cases-productivity-2026\/\"><strong>most features<\/strong><\/a><strong> from the web interface.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/www.eweek.com\/news\/claude-desktop-browser-access-security-concerns\/\">Claude Desktop\u2019s Silent Browser Link Sparks Privacy Concerns<\/a> appeared first on <a href=\"https:\/\/www.eweek.com\/\">eWEEK<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>A security researcher has just uncovered concerning behavior in Claude Desktop that quietly sets up browser-level access without clearly informing users, raising concerns about how much access the app actually has. Central to this concern is how Claude Desktop uses Native Messaging, an API that enables communication between browsers and local desktop apps.\u00a0 Security researcher [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-7943","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7943"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7943"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7943\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}