// ClaudeHIGH
LayerX researchers disclosed ClaudeBleed, a vulnerability in the Claude for Chrome extension that allows any installed Chrome extension—without special permissions—to hijack the Claude AI agent and issue privileged commands. The flaw stems from the extension trusting the claude.ai origin rather than the execution context, combined with an externally_connectable configuration and a message handler that forwards arbitrary prompts. Exploitation enables remote prompt injection, exfiltration of private Google Drive and Gmail data, and sending emails on behalf of the user without consent. The issue was reported by LayerX senior researcher Aviad Gispan, and impacts users who have installed the Claude Chrome extension.
- Vulnerability in Claude Extension for Chrome Exposes AI Agent to
- ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Exte
// Get alerts for Claude