Claude for Chrome still contains two unresolved issues that let a script-capable browser extension trigger allowlisted tasks for Gmail, Google Docs, and Calendar through a forged click on claude.ai. Manifold Security says the current v1.0.80 build still accepts synthetic clicks and can enter skip-permissions mode from a URL, leaving users exposed if another extension can reach claude.ai. #ClaudeforChrome #Anthropic #ClaudeBleed #ManifoldSecurity
Keypoints
- A rogue extension can forge a click on claude.ai and trigger Claude for Chrome tasks.
- The allowlisted tasks include Gmail, Google Docs, and Calendar access.
- Claudeβs click handler does not check event.isTrusted, so synthetic clicks are accepted.
- The side panel can switch into skip_all_permission_checks when skipPermissions=true is set in the URL.
- Manifold Security found both issues still present in Claude for Chrome v1.0.80.
Read More: https://thehackernews.com/2026/07/claude-for-chrome-flaw-lets-other.html