this post was submitted on 20 Apr 2026
135 points (97.9% liked)

[–] Harvey656@lemmy.world 39 points 2 months ago (2 children)

Once again, Brave browser sucks. Use Firefox or a Firefox fork if you want any real security.

[–] keimevo@lemmy.world 29 points 2 months ago* (last edited 2 months ago) (2 children)

I don't think Firefox is immune to this, just that because its architecture is different, Anthropic didn't bother coding a bridge for it (given its market share).

The main issue here is that Anthropic violated one of the most important (implicit) tenets of applications on a computer: don't touch other people's shit. Claude.app modified Brave's (and others') configuration, adding an extension without user consent. An extension that, by the way, gives full control of the browser to Claude, including reading the DOM for browser tabs unrelated to Claude (for example, the one where you just entered your credit card details).

[–] refalo@programming.dev 6 points 2 months ago

I can't believe how many decades we got out of just letting all apps have full access to $HOME. In $current_year it's our own fault if we don't properly isolate our applications I guess. Android does a pretty good job of it IMO although cross-app intents probably need more protection.

[–] homesweethomeMrL@lemmy.world 4 points 2 months ago

Technically, at least as far as the author can tell, it only affects Chromium-based browsers. So Firefox would not be affected (yet).

And only on Mac so far, the app being made with ElectronOS. Not sure what Windows looks like.

[–] tinned_tomatoes@feddit.uk 6 points 2 months ago (1 children)

What's Brave got to do with this? The article (that you didn't read) goes into detail about how Anthropic places these files in the directory for any Chromium-based browser.

[–] Harvey656@lemmy.world 5 points 2 months ago* (last edited 2 months ago) (1 children)

While Brave itself is only a minor character in this story, it is Chromium-based. I was merely pointing it out. You'd be surprised how many push the Brave browser on Lemmy.

[–] tinned_tomatoes@feddit.uk 0 points 2 months ago (1 children)

What is it with Lemmy users posting semi-unrelated comments just to make a point?

You can't post anything in the Android or GooglePixel communities without 4 "ditch Google, use Graphene" comments.

It really doesn't make for an engaging community that one wants to partake in.

[–] Harvey656@lemmy.world 3 points 2 months ago (1 children)

I'm pretty sure I do not represent the com as an individual.

[–] tinned_tomatoes@feddit.uk 2 points 2 months ago (2 children)

No, but you're doing a good job fuelling the stereotype 😃

[–] Harvey656@lemmy.world 3 points 2 months ago
[–] abcdqfr@lemmy.world 1 points 2 months ago

Maybe, just maybe, forums are for discourse? Or maybe you're just as at fault for trying to gatekeep, bringing the "immediately on topic" comment ratio down? Be the change you want to see in the world and let it go. It's easy, start by not responding now.

[–] carrylex@lemmy.world 17 points 2 months ago
[–] slazer2au@lemmy.world 12 points 2 months ago (1 children)

This article is about Claude Desktop, the Electron-based macOS application

So you are bitching that a Chrome browser reconfigured your other Chrome browser.....

[–] tinned_tomatoes@feddit.uk 5 points 2 months ago (2 children)

It is a bit of a nothingburger, but it's important to note that Electron apps normally bundle their own Chromium instance within themselves and don't use other browsers. I suspect this is done to potentially support working directly with browsers you have installed.

[–] Upgrayedd1776@sh.itjust.works 2 points 2 months ago

Too lazy to read, but sounds like it's related to its front-end testing MCP, which you would expect to have access to browser configs when needed, especially for Playwright.

[–] homesweethomeMrL@lemmy.world 2 points 2 months ago

It’s going to take creds out of your browser, spawn a new one not in the browser sandbox and act as the user to complete tasks. What tasks? ¯\_(ツ)_/¯

[–] eestileib@lemmy.blahaj.zone 7 points 2 months ago

Not at all surprised

[–] LaunchesKayaks@lemmy.world 2 points 2 months ago