Researchers disclosed “ShadowPrompt,” a vulnerability in Anthropic’s Claude Chrome extension that allowed any website to silently inject prompts into Claude by chaining an overly permissive (*.claude.ai) origin allowlist with a DOM-based XSS in an Arkose Labs CAPTCHA component. The flaw could expose access tokens and conversation history and enable actions such as sending emails as the user; Anthropic patched the extension (v1.0.41) on 2025-12-27 and Arkose Labs fixed the XSS on 2026-02-19. #Anthropic #ShadowPrompt
Keypoints
- ShadowPrompt let websites inject prompts into Claude’s sidebar without user interaction.
- The exploit chained a permissive (*.claude.ai) origin allowlist with a DOM-based XSS in an Arkose Labs CAPTCHA component.
- Successful attacks could steal access tokens, read conversation history, and perform actions like sending emails as the user.
- Anthropic released extension patch v1.0.41 on 2025-12-27 to enforce exact domain checks, and Arkose Labs fixed the XSS on 2026-02-19.
- Researchers emphasized that AI browser assistants are high-value targets and that an extension trusting an origin allowlist is only as secure as the weakest site matched by it: with a wildcard entry, an XSS on any matching subdomain inherits the extension’s privileges.
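As an added example that is not code from Anthropic’s extension or from the researchers’ write-up, the following JavaScript contrasts a wildcard-suffix origin check of the kind described above with an exact-origin check of the kind the fix is described as enforcing. The allowlist entries, helper names, sample origins and message shape are assumptions for illustration only.

```javascript
// Added illustration of the allowlist flaw class described above. These helpers
// are hypothetical and are NOT code from Anthropic's extension; they show how a
// wildcard-suffix origin check differs from an exact-origin check.

// Constructed sample inputs: the first-party origin, a sibling subdomain (where
// a third-party widget carrying an XSS could live), a plain-HTTP variant, and a
// lookalike domain under attacker control.
const FIRST_PARTY = "https://claude.ai";
const SIBLING_SUBDOMAIN = "https://widget.claude.ai";
const PLAIN_HTTP = "http://claude.ai";
const LOOKALIKE = "https://claude.ai.evil.example";

// Weak check: an allowlist entry like "*.claude.ai" accepts every subdomain and
// ignores the scheme, so script running on any matching host (for example via
// an XSS in an embedded widget) is trusted as if it were the first-party site.
function isAllowedOriginWildcard(origin, allowlist) {
  let host;
  try { host = new URL(origin).hostname; } catch { return false; }
  return allowlist.some(entry => {
    if (entry.startsWith("*.")) {
      const base = entry.slice(2);
      return host === base || host.endsWith("." + base);
    }
    return host === entry;
  });
}

// Hardened check: compare the full origin (scheme + host + port) against an
// explicit set. No wildcards and no http:, so only listed origins are trusted.
function isAllowedOriginExact(origin, allowedOrigins) {
  let parsed;
  try { parsed = new URL(origin); } catch { return false; }
  if (parsed.protocol !== "https:") return false;
  return allowedOrigins.has(parsed.origin);
}

// Hypothetical message handler. In a real extension this would sit behind a
// window "message" listener or chrome.runtime.onMessageExternal; `checker` is
// one of the two functions above and `allowlist` its matching configuration.
function handleInjectPrompt(event, checker, allowlist) {
  if (!checker(event.origin, allowlist)) {
    return { accepted: false, reason: "origin not allowed" };
  }
  return { accepted: true, prompt: event.data.prompt };
}

// Run the same constructed message through both checks and collect the verdicts.
function compareChecks() {
  const wildcardList = ["*.claude.ai"];
  const exactSet = new Set([FIRST_PARTY]);
  const msg = origin => ({ origin, data: { prompt: "ignore previous instructions" } });
  return {
    wildcard: {
      firstParty: handleInjectPrompt(msg(FIRST_PARTY), isAllowedOriginWildcard, wildcardList).accepted,
      sibling: handleInjectPrompt(msg(SIBLING_SUBDOMAIN), isAllowedOriginWildcard, wildcardList).accepted,
      plainHttp: handleInjectPrompt(msg(PLAIN_HTTP), isAllowedOriginWildcard, wildcardList).accepted,
      lookalike: handleInjectPrompt(msg(LOOKALIKE), isAllowedOriginWildcard, wildcardList).accepted,
    },
    exact: {
      firstParty: handleInjectPrompt(msg(FIRST_PARTY), isAllowedOriginExact, exactSet).accepted,
      sibling: handleInjectPrompt(msg(SIBLING_SUBDOMAIN), isAllowedOriginExact, exactSet).accepted,
      plainHttp: handleInjectPrompt(msg(PLAIN_HTTP), isAllowedOriginExact, exactSet).accepted,
      lookalike: handleInjectPrompt(msg(LOOKALIKE), isAllowedOriginExact, exactSet).accepted,
    },
  };
}

console.log(JSON.stringify(compareChecks(), null, 2));
```

The point of the comparison is the `sibling` and `plainHttp` rows: the wildcard check accepts both, so any script injection on a matching subdomain reaches the privileged handler, while the exact check accepts only the one listed HTTPS origin. Both checks reject the lookalike domain because the suffix match includes the leading dot; a suffix check without it would not.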
Read More: https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html