Anthropic Claude Desktop Native Messaging Bridge - The Report (April 2026) Anthropic’s official Claude Desktop application (Electron-based, for macOS and Windows) automatically installs an undocumented Native Messaging host bridge during installation and on every launch. On macOS, it places a manifest file (com.anthropic.claude_browser_extension.json) and associated helper binary in the NativeMessagingHosts directories of seven Chromium-based browsers (Chrome, Edge, Brave, Arc, Vivaldi, Opera, and Chromium), even for browsers the user has not installed. On Windows, equivalent registry entries are created under the relevant browser keys. The bridge pre-authorizes specific Anthropic-controlled Chrome extension IDs to communicate directly with the desktop app via standard input/output, outside the browser sandbox. It runs with user-level privileges, is rewritten on each launch (making removal non-persistent), and is not mentioned in the installer, documentation, settings, or release notes. The same behavior occurs on Windows, though implemented via registry rather than filesystem manifests. thatprivacyguy.com Functionality Enabled The bridge supports Anthropic’s Claude Cowork (desktop agentic workflows) and Dispatch (remote task assignment from mobile). When activated by a compatible Claude browser extension, it enables high-fidelity browser automation, including: Direct DOM access and reading of page content Authenticated session sharing (using existing logins/cookies) Interactive control (form filling, clicking, navigation, scrolling) Data extraction and multi-step web workflows Session recording as GIFs This provides a more reliable and precise alternative to screenshot-based “computer use” for web tasks, allowing Claude to act as a seamless “digital coworker” on real browser sessions without constant manual intervention or context switching. pluto.security Why Anthropic Is Taking This Approach Anthropic is prioritizing frictionless, agentic AI capabilities to make Claude more useful for productivity and automation. By pre-registering the bridge, the company ensures immediate availability of browser integration for users, enabling Cowork/Dispatch features, without requiring separate manual extension setup or configuration steps. This design choice supports their vision of Claude as an autonomous assistant capable of handling real-world web-based work (e.g., data aggregation, form handling, testing) across common browsers. The implementation is cross-platform and persistent to maintain a consistent, “always-ready” experience. However, it has drawn criticism for lacking transparency, explicit user consent, and documentation, as well as for modifying other vendors’ application directories and creating potential security surface area (e.g., prompt-injection risks once activated). As of 21 April 2026, Anthropic has not issued a public response to the report. The approach reflects a common industry tension: balancing powerful AI agent functionality with user control and privacy expectations. Users concerned about the bridge can manually remove the manifests/registry entries, though the app may recreate them on relaunch.
