ClaudeBleed: Chrome AI Extension Steals Data & Commands
Summary
A security flaw has been found in Anthropic’s “Claude in Chrome” extension. This vulnerability, called ClaudeBleed, allows any Chrome extension to hijack Claude, forcing it to steal data and perform unauthorized actions. What's interesting is that this flaw stems from a poor implementation of trust. It means even extensions without special permissions can execute commands in a privileged mode. Researchers demonstrated they could forge user approval and exfiltrate data from services like Gmail or Google Drive. They could even send unauthorized emails or delete user data. Anthropic has released a partial fix, but researchers warn that the vulnerability can still be exploited. This matters because it highlights ongoing risks even with AI tools designed to help us.
This is an AI-generated audio summary. Always check the original source for complete reporting.