Anthropic's Claude Desktop allegedly drops a hidden "bridge" into Brave

April 20, 2026

Discovery

It has been reported that security researcher Alexander Hanff found a Native Messaging manifest planted in Brave by Anthropic's Claude Desktop for macOS. The file, com.anthropic.claude_browser_extension.json, was discovered under ~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts and points to /Applications/Claude.app/Contents/Helpers/chrome-native-host. Hanff says he never installed a Claude browser extension; only the Claude Desktop app was on the machine. Surprise? You bet. A desktop app reaching into a third‑party browser and pre‑authorising a native host feels, frankly, like a Trojan horse.

How it works

Native Messaging hosts are a documented Chromium feature: they let browser extensions talk to local executables outside the browser sandbox, running with the user's privileges. That means an extension with one of the listed IDs can launch the binary on the machine. In this case, the manifest lists three allowed origins and registers a bridge that, if exploited or misused, could bypass normal browser isolation. Hanff notes this manifest is undocumented by Anthropic and separate from Claude Code's known bridge — so this appears to be an unannounced, additional channel.
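
A defender-side check for the mechanism described above, added here as an example and not taken from Hanff's write-up or from Anthropic: it lists every Native Messaging manifest in the per-user Chromium-family directories on macOS, the binary each one registers, and which allowed extension IDs are actually installed in a profile. The Chrome and Chromium directories and the profile layout used for the installed check are assumptions about a default install; the function and field names are illustrative.

```python
import json
import re
from pathlib import Path

# Per-user NativeMessagingHosts directories on macOS. The Brave path is the one
# named in the article; the Chrome and Chromium paths are assumed defaults.
DEFAULT_DIRS = [
    "~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts",
    "~/Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "~/Library/Application Support/Chromium/NativeMessagingHosts",
]
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")


def audit_native_hosts(dirs=DEFAULT_DIRS):
    """Return one finding per manifest: the binary it registers and for which IDs."""
    findings = []
    for root in (Path(d).expanduser() for d in dirs):
        if not root.is_dir():
            continue
        for manifest in sorted(root.glob("*.json")):
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
                if not isinstance(data, dict):
                    raise ValueError("manifest is not a JSON object")
            except (OSError, ValueError) as exc:
                findings.append({"manifest": str(manifest), "error": str(exc)})
                continue
            raw = data.get("allowed_origins")
            origins = [str(o) for o in raw] if isinstance(raw, list) else []
            ids = [m.group(1) for o in origins if (m := ORIGIN_RE.match(o))]
            host = str(data.get("path", ""))
            findings.append({
                "manifest": str(manifest),
                "name": data.get("name"),
                "host_path": host,
                "host_exists": Path(host).is_file(),
                "extension_ids": ids,
                # Assumes the usual layout <user data dir>/<profile>/Extensions/<id>.
                "installed_ids": [i for i in ids
                                  if any(root.parent.glob(f"*/Extensions/{i}"))],
                "malformed_origins": [o for o in origins if not ORIGIN_RE.match(o)],
            })
    return findings


if __name__ == "__main__":
    for f in audit_native_hosts():
        print(json.dumps(f, indent=2))
```

A manifest whose `extension_ids` is non-empty while `installed_ids` is empty matches the situation the article describes: a host pre-authorised for extensions that are not present in any profile.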

Why it matters

If true, this is a privacy and security red flag. It has been reported that Hanff calls the pattern a "dark pattern" and a breach of trust; users who deliberately avoid browser extensions for privacy will feel betrayed. Anthropic's post linked by the researcher does not include a company response, and there is no public, detailed explanation in Hanff's write-up of why the desktop app would register that host. Regulators and security teams will want answers. In the meantime, the episode is a reminder that AI apps are increasingly blurring boundaries between platforms — and that you should probably look under the hood before you trust what's running on your machine.

Sources: thatprivacyguy.com, Hacker News