Claude Desktop’s Silent Sandbox Bypass: The Undocumented Browser Bridge

Anthropic has been caught silently installing a Native Messaging manifest across seven different Chromium-based browsers, even those not present on your system.The Hook: A "safety-first" AI lab is deploying undocumented bridges that bypass the browser sandbox.The Problem: The com.anthropic.claude_browser_extension.json file allows an out-of-sandbox helper binary to run at user-level privileges, granting potential access to authenticated sessions, DOM states, and form data.The Solution: Forensic auditing of your ~/Library/Application Support/ directories and manual removal of the persistent manifest.This brief covers the "dark patterns" identified in the recent audit, including the fact that Claude Desktop rewrites these files on every launch, making them nearly impossible to delete without removing the app itself.For a full forensic deep dive into the MD5 hashes, code signatures, and legal implications regarding the ePrivacy Directive, listen to our latest podcast episode.Stay Updated:X/Twitter: @neuralintelorgWeb: neuralintel.org