SECURITYMALWAREBYTES LABS
Claude for Chrome flaw could let rogue extensions access your Gmail
A security flaw in the Claude for Chrome browser extension, called ClaudeBleed, allows malicious extensions to impersonate the Claude website and force the assistant to perform unauthorized actions, such as reading Gmail or manipulating documents. Anthropic addressed some issues but researchers claim the core vulnerability remains unresolved, enabling rogue extensions to exploit permissions granted to Claude.
Mentioned
Related Signal
Adjacent reporting
- Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
- Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
- Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
- Grafana Patches AI Bug That Could Have Leaked User Data
- ChatGPT blindly trusts browser content, turning the page into a payload