Claude Desktop may be lacking controls and docs on how they integrate with browsers extension, but the write up seems overly dramatic.

It’s not clear any browser extension actually were installed in the browser on the author’s system. Until such extension is installed, the native messenging manifest are inactive, no browser would use them. This standard web technology allow, by design, for specific browser extensions to reach to specific apps outsider the sandbox. A pairing occurs, where the native app allow only specific extensions (cf pre-installed manifest), and the extension request a specific app. Both need to occur to allow the communication.

Looking at one the extension info on the chrome store, it’s obvious what they do. https://chromewebstore.google.com/detail/claude/fcoeoabgfenejglbffodgkkbkcdhcgfn

I would trust neither app nor extension in my system, not without extra sandboxing, as an abundance of caution. But this write-up comes up short of showing spyware behavior.

They’re listed in the installation pages from what I recall. I unselected them and have no spurious browser extensions installed.

It’s breaking out of containment /s