// Alert

Claude threat report

// ClaudeMEDIUM

Researcher Oren Yomtov disclosed a prompt injection vulnerability in the Claude for Chrome browser extension that allows malicious websites to inject instructions without user interaction. The extension automatically reads active tab content to understand the page, enabling exploitation by simply loading a crafted webpage. Successful injection lets attackers act as the logged-in user across authenticated websites and exfiltrate data, leveraging the browser's existing session credentials.

// Get alerts for Claude