V-Help
← All news
Security

Vulnerability in Claude Chrome Extension Lets Attackers Trigger AI Tasks

Vulnerability in Claude Chrome Extension Lets Attackers Trigger AI Tasks

Photo: BleepingComputer

Quick answer

A vulnerability in the Claude Chrome extension allows malicious extensions to trigger AI tasks, including access to Gmail, Google Docs, and other services.

Cybersecurity experts at Manifold Security have discovered a vulnerability in the Claude Chrome extension developed by Anthropic. The flaw allows malicious extensions to trigger predefined AI tasks by leveraging access to third-party services such as Gmail, Google Docs, Google Calendar, and Salesforce.

The issue stems from the Claude extension failing to verify the authenticity of JavaScript-generated events. In Chrome, events initiated by genuine user actions (e.g., mouse clicks) are marked as trusted (Event.isTrusted=true), while script-generated events are automatically labeled as untrusted (Event.isTrusted=false). The Claude extension ignored this check, enabling attackers to simulate user actions.

Researchers noted that the attack is limited to nine predefined tasks, including reading emails in Gmail, analyzing comments in Google Docs, or creating meetings in Google Calendar. To exploit the vulnerability, an attacker must convince a user to install a malicious extension capable of executing code on the claude.ai page and triggering AI tasks without their knowledge.

In addition to the main vulnerability, experts identified an internal parameter, skipPermissions=true, which could bypass certain access checks. However, this mechanism required additional vulnerabilities for exploitation and was not directly exploitable. Both issues were reported to Anthropic via its bug bounty program, but Manifold Security states they remain unpatched in the latest extension version (1.0.80).

Common questions

Which services are affected by the Claude Chrome extension vulnerability?
The vulnerability impacts access to Gmail, Google Docs, Google Calendar, and Salesforce, as the extension can perform predefined actions in these services.
How can attackers exploit this vulnerability?
Exploitation requires installing a malicious Chrome extension that mimics user clicks on claude.ai and triggers AI tasks without consent.
Has the vulnerability been fixed in the latest extension version?
No, researchers report the flaw persists in version 1.0.80, released on July 7.
Share:

Dzen feed: /feed/dzen.xml · RSS: /feed.xml

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: BleepingComputer