Security · 3h ago
Claude for Chrome Flaw Lets Rogue Extensions Access Gmail and Docs
Researchers found that malicious browser extensions can exploit a flaw in Claude for Chrome to read Gmail, Google Docs, and Calendar data. The attack requires a rogue extension already running on claude.ai, but Anthropic's May fix only partially addressed the issue. The vulnerability expands on the earlier ClaudeBleed bug, increasing the risk of data theft via browser extensions.
Meridian48 take
Anthropic's partial fix leaves users exposed to a broader attack surface, highlighting the challenge of securing AI browser tools against malicious extensions.
Read the full reporting
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads →
The Hacker News
claude-for-chromebrowser-extension-security