A vulnerability in the Claude extension for Chrome, dubbed ClaudeBleed, could let attackers take over the AI agent through remote prompt injection and bypass user-confirmation protections. LayerX says the flaw can be abused to steal data from Gmail, GitHub, and Google Drive, while also sending emails, deleting data, and sharing documents on the userβs behalf. #ClaudeBleed #Claude #Anthropic #LayerX
Keypoints
- ClaudeBleed affects the Claude extension for Chrome.
- Any Chrome extension can issue commands to Claude in Chrome.
- The flaw stems from weak permission checks and trust in origin instead of execution context.
- Attackers can use remote prompt injection to control Claudeβs actions.
- The issue may enable theft from Gmail, GitHub, and Google Drive, plus unauthorized emails and document sharing.