Native messaging host security for AI browser bridges
Native messaging hosts let browser extensions talk to local executables. That can be useful, but it also creates a persistent bridge outside the browser sandbox. ThumbGate audits those registrations and helps teams require explicit approval before they become part of the workflow.
Why this page exists
- Native messaging is a real local capability boundary, not a harmless implementation detail.
- A manifest can pre-authorize extension origins long before a human operator understands the blast radius.
- ThumbGate turns native messaging review into an auditable operator workflow instead of an invisible local side effect.
What native messaging hosts actually do
A native messaging host is a local manifest that tells a browser extension which executable it may launch on the operator machine. That bridge sits outside the browser sandbox, so it deserves the same review discipline teams use for deploy credentials or production write access.
The risk is not only the host binary itself. It is the combination of extension permissions, allowed origins, and whether the host remains registered for browsers the operator did not intentionally connect.
Signals ThumbGate audits
- Manifest files under browser-specific NativeMessagingHosts directories on macOS and Linux.
- Allowed extension origins and extension-id fan-out per host registration.
- Host binaries that are missing on disk, which leaves stale or broken registrations behind.
- AI/browser bridge manifests registered for browsers not detected in the usual local install paths.
The fastest operator action
Run npx thumbgate native-messaging-audit --json in the repo or workstation you govern. Review every AI browser bridge, remove anything you did not intentionally integrate, and keep browser-use in ask-before-acting mode until connector scope is explicit and revocable.
FAQ
Why does native messaging deserve a separate security review?
Because it lets a browser extension hand work to a local executable outside the browser sandbox. That is a different trust boundary than ordinary page automation or side-panel UI access.
How does ThumbGate help with native messaging host security?
ThumbGate audits known host locations, highlights AI/browser bridges, flags stale or missing host binaries, and gives teams an enforcement layer so future connector expansion requires explicit approval.