🟡 Medium  |  Source: The Hacker News


A flaw in Anthropic’s Claude for Chrome browser extension allows any other malicious extension that can inject scripts on claude.ai to trigger Claude to read a user’s Gmail, Google Docs, and Google Calendar without their knowledge. The attack requires a rogue extension already running on claude.ai, but once that condition is met, the scope of accessible data is significant. Anthropic previously patched a related arbitrary-prompt injection issue (ClaudeBleed) in May, but this cross-extension task-triggering vector remains a concern.

Security Architect’s Take: Audit and restrict browser extensions permitted in your organisation via endpoint management policy (e.g. Chrome Browser Cloud Management), paying particular attention to any extensions with broad host permissions on AI assistant domains such as claude.ai. Until Anthropic issues a further patch, consider blocking or sandboxing Claude for Chrome in managed environments where Google Workspace data sensitivity is high.

Original advisory: Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads