A Native Messaging Host is a local application that browser extensions use to exchange JSON messages outside the browser process. The browser launches or connects to this helper through an approved registration, letting the extension reach operating-system features that the browser sandbox cannot access directly.
This matters because the bridge creates a trust boundary. In legitimate use, it supports password managers, enterprise tools, and hardware integrations. In attacks, a malicious extension or abused registration can turn the host into a command channel for running local programs, starting PowerShell, or moving from browser context into native code execution. Defenders should inventory registered hosts, restrict extension permissions, and alert on unusual browser-to-host activity or script and PowerShell launches tied to browser sessions.



