Anthropic's Claude Desktop silently installs a Native Messaging bridge into seven Chromium browsers, including browsers Anthropic's own documentation says it does not support, and browsers the user has not even installed.
I don’t think Firefox is immune to this, just that because its architecture is different, Anthropic didn’t bother coding a bridge for it (given its market share).
The main issue here is that Anthropic violated one of the most important (implicit) tenets of applications in a computer: don’t touch other people’s shit. Claude.app modified Brave (and others) configuration, adding an extension without user consent. An extension that, by the way, gives full control of the browser to Claude, including reading the DOM for browser tabs unrelated to Claude (for example, the one where you just entered your credit card details).
I can’t believe how many decades we got out of just letting all apps have full access to $HOME. In $current_year it’s our own fault if we don’t properly isolate our applications I guess. Android does a pretty good job of it IMO although cross-app intents probably need more protection.
I don’t think Firefox is immune to this, just that because its architecture is different, Anthropic didn’t bother coding a bridge for it (given its market share).
The main issue here is that Anthropic violated one of the most important (implicit) tenets of applications in a computer: don’t touch other people’s shit. Claude.app modified Brave (and others) configuration, adding an extension without user consent. An extension that, by the way, gives full control of the browser to Claude, including reading the DOM for browser tabs unrelated to Claude (for example, the one where you just entered your credit card details).
I can’t believe how many decades we got out of just letting all apps have full access to
$HOME. In$current_yearit’s our own fault if we don’t properly isolate our applications I guess. Android does a pretty good job of it IMO although cross-app intents probably need more protection.Technically, at least as far as the author can tell, it only affects Chromium-based browsers. So Firefox would not be affected (yet).
And only on Mac so far, the app being made with ElectronOS. Not sure what Windows looks like.