Claude Desktop Alters Chromium Browser Settings Silently

According to reporting by The Register, Yahoo/Tech, and ITSecurityNews, Claude Desktop, Anthropic's macOS standalone app, installs a Native Messaging manifest file named com.anthropic.claude_browser_extension.json into browser-host directories for multiple Chromium-based browsers. The Register and Yahoo/Tech report the manifest pre-authorizes three Chrome extension identifiers and references a helper binary, which together allow a Chromium-based browser to invoke a local executable when the associated extension is present. The Register documents that Alexander Hanff discovered the files while debugging and described the behavior as "spyware" in his write-up. Yahoo/Tech reports that researcher Noah M. Kenney reproduced technical aspects but disputed the spyware characterization. Yahoo/Tech also reports Anthropic has not issued a public statement in response to these reports.

Per The Register and ITSecurityNews, the manifest is a standard Chromium Native Messaging manifest that lists extension IDs and an executable path; the file is placed into system-level browser-host folders used by Chrome, Edge, Brave, Opera and other Chromium forks. ITSecurityNews reports the desktop app rewrites those files on each launch, meaning manual deletion can be reversed unless the app itself is removed. The Register notes the discovery occurred in an Electron-based distribution that bundles a version of Chromium.

Native Messaging is a legitimate browser API for local integration, but pre-installing manifests system-wide for browsers not present increases the window in which a future browser install can immediately enable local-executable access. Industry-pattern observations show that pre-authorized extension manifests transfer a portion of trust from browser sandboxing to local binaries, making local privilege and binary integrity critical elements of threat models.

Alexander Hanff framed the behavior as a potential violation of Article 5(3) of the EU ePrivacy Directive in reporting by The Register and Yahoo/Tech, a claim that raises regulatory and privacy questions for any desktop app that modifies other vendors' application folders without explicit, documented consent. Multiple outlets flag a documentation gap: Yahoo/Tech reports Anthropic's public docs on browser connectivity and troubleshooting do not mention Native Messaging pre-installation. Other security commentators (per Yahoo/Tech) reproduce parts of the behavior but differ on whether "spyware" is an accurate label, underscoring that technical reproducibility and legal characterization are distinct debates.

• •Regulatory signals: whether privacy regulators or consumer-protection bodies in the EU or other jurisdictions open inquiries or issue guidance on pre-authorized native manifests.
• •Vendor response and documentation: whether Anthropic publishes an engineering note, security advisory, or installer opt-in/opt-out controls clarifying the mechanism and consent model.
• •Technical mitigations and tooling: whether browser vendors or endpoint security vendors update policies to detect or block unsolicited Native Messaging manifests placed by third-party installers.

Endpoint security teams should treat system-level Native Messaging manifests as part of attack-surface inventories; software architects building desktop-to-browser integrations should document consent flows and persistence behaviors. Observers tracking privacy compliance should separate reproducible technical behavior from legal conclusions and follow regulator statements for definitive rulings.