Claude Chrome extension flaw lets malicious extensions trigger AI actions

Claude Chrome extension flaw lets malicious extensions trigger AI actions
A flaw in Anthropic’s Claude for Chrome extension could let a malicious browser extension trigger built-in AI workflows by faking user clicks, potentially abusing Claude’s access to connected services like Gmail, Google Docs, Google Calendar, and Salesforce. Manifold Security found that the extension failed to verify the browser’s trusted-event flag, and Anthropic has acknowledged the report while the issue remains reproducible in version 1.0.80. #Anthropic #Claude #ClaudeforChrome #ManifoldSecurity #Gmail #GoogleDocs #GoogleCalendar #Salesforce

Keypoints

  • A flaw in Claude for Chrome allows synthetic clicks to trigger AI workflows.
  • The issue can let a malicious extension abuse access to connected services.
  • Supported workflows include Gmail, Google Docs, Google Calendar, and Salesforce.
  • The extension failed to check Event.isTrusted before executing actions.
  • Manifold Security says the flaw remains reproducible in version 1.0.80.

Read More: https://www.bleepingcomputer.com/news/security/claude-chrome-extension-flaw-lets-malicious-extensions-trigger-ai-actions/