Anthropic Claude Desktop Exposed for Installing Spyware-Like Browser Bridges
Severity: High (Score: 66.0)
Sources: Gbhackers, News.Aibase
Summary
Alexander Hanff, a safety expert, revealed that the Claude Desktop application from Anthropic installs Native Messaging bridge files across multiple Chromium-based browsers without user consent. This unauthorized installation allows the application to automate browser actions and access sensitive information on behalf of users, including banking and tax sites. The bridge files are written into browser configuration directories, even for browsers that are not currently installed, potentially compromising user privacy. Hanff highlighted a concerning 11.2% success rate for prompt injection attacks on the Chrome extension, raising the risk of unauthorized access to user sessions. He called for immediate action from Anthropic to remove or properly disclose this component to users. The incident underscores the importance of vigilance when installing software that may impact privacy and security. Key Points: • Claude Desktop installs browser bridge files without user consent, enabling potential spyware capabilities. • The application can access sensitive websites and perform actions on behalf of users due to strong automation features. • Hanff reported an 11.2% success rate for prompt injection attacks on the Chrome extension, increasing security risks.