Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy
July 14, 2026
Microsoft Patch Tuesday fixes 570 flaws including 3 zero-days
July 14, 2026
Critical Flaw: OAuth Client ID Spoofing Exposes 2 Million Entra ID Users
July 14, 2026
Home/CyberSecurity News/Critical Claude for Chrome Flaw Exposes Gmail, Docs, Calendar Data
CyberSecurity News

Critical Claude for Chrome Flaw Exposes Gmail, Docs, Calendar Data

Key Takeaways Anthropic’s Claude for Chrome browser extension contains two unpatched vulnerabilities. These flaws could allow attackers to access and manipulate user data in Gmail, Google Docs,...

David kimber
David kimber
July 14, 2026 4 Min Read
3 0

Key Takeaways

  • Anthropic’s Claude for Chrome browser extension contains two unpatched vulnerabilities.
  • These flaws could allow attackers to access and manipulate user data in Gmail, Google Docs, and Google Calendar.
  • One vulnerability carries a Critical CVSS score of 9.6, enabling silent data exfiltration and action if the “Act without asking” mode is enabled.
  • Despite being reported in May 2026 and acknowledged by Anthropic, fixes have not been implemented in the latest version, 1.0.80.

A critical security flaw within Anthropic’s Claude for Chrome browser extension could permit malicious actors to compromise sensitive user data across Google services, including Gmail, Google Docs, and Google Calendar. This vulnerability, which requires as little as six lines of JavaScript to exploit, remains unpatched across eight subsequent releases, including the most recent version, 1.0.80.

Table Of Content

  • Key Takeaways
  • Claude for Chrome Vulnerabilities Detailed
  • Unaddressed Risks and Previous Incidents
  • What You Should Do

Security researchers from Manifold initially identified and reported these issues in May 2026. However, despite their disclosure, the vulnerabilities persist and are reproducible in the extension’s current iteration, released on July 7, 2026.

Claude for Chrome Vulnerabilities Detailed

The primary vulnerability resides within Claude’s content script, which is designed to detect and respond to user clicks on an onboarding button. Upon detecting a click, the script forwards a corresponding prompt to Claude’s side panel. The fundamental flaw lies in the script’s failure to verify the authenticity of the click event by checking the event.isTrusted property.

This oversight allows any other browser extension with script execution privileges on claude.ai – a common permission for many extensions – to programmatically simulate a user click. By injecting just six lines of JavaScript, an attacker can trick Claude into executing one of nine pre-defined prompts without the user’s explicit consent or knowledge.

These hardcoded prompts are not benign. Three of them pose significant risks:

  • Reading and interacting with Gmail content, including actions like clicking unsubscribe links.
  • Accessing and reading comments from the user’s most recently opened Google Doc.
  • Scanning Google Calendar to create new meetings.

While Claude’s default “Ask before acting” mode would display an approval pop-up to the user, the severity escalates dramatically if the “Act without asking” mode is enabled. In this configuration, Claude executes these potentially malicious actions silently, without any user interaction, earning this vulnerability a Critical CVSS score of 9.6.

A secondary, structural issue was also identified within the Claude extension. The side panel can be forced into a privileged, consent-free mode simply by loading a URL containing the parameter ?skipPermissions=true. This bypasses any requirement for user gestures to activate advanced permissions. Although a warning banner does appear, it only does so after the privileged mode has already been activated, rendering it an informational notice rather than a protective measure.

Currently, this second issue is not directly exploitable by external parties, as only the extension itself can construct this specific URL. However, researchers caution that this represents a significant future risk. Any subsequent bug, such as a new message handler flaw, an XSS vulnerability, or a regression that permits external code to generate this URL, could immediately grant silent, comprehensive access to a user’s account data.

Both identified issues align with recognized security risks outlined in the OWASP Top 10 for LLM Applications. The synthetic-click vulnerability is categorized under prompt injection (LLM01), while the excessive permissions and silent execution capabilities fall under excessive agency (LLM06).

Unaddressed Risks and Previous Incidents

Proposed solutions for these vulnerabilities are straightforward: implementing a check for isTrusted on all click events and removing the URL-based privilege escalation mechanism. Despite the simplicity of these fixes, Anthropic has not incorporated them. The company acknowledged both reports within a day of their submission but subsequently closed them. Anthropic contended that the synthetic-click issue was already covered by an internal report and that the URL parameter did not pose an externally reachable risk.

Manifold researcher Ax Sharma reverified on July 7 that the problematic code remains byte-identical to the version initially reported, confirming that no patch has been deployed.

This situation mirrors a previous incident known as ClaudeBleed, where an announced fix for a vulnerability later proved incomplete. Such patterns raise serious questions about how AI-powered browser extensions manage trust boundaries between third-party scripts and their own privileged, agentic actions, and the effectiveness of their vulnerability remediation processes.

What You Should Do

  • Exercise Caution: Be aware of the risks associated with browser extensions that have broad permissions, especially those interacting with sensitive data like email and documents.
  • Review Extension Permissions: Regularly check the permissions granted to all your browser extensions. Revoke or uninstall any extensions that demand excessive permissions not essential for their stated function.
  • Disable “Act without asking” Mode: If you use Claude for Chrome, ensure that the “Ask before acting” mode is enabled. This will at least prompt you before the extension performs any actions, even if a vulnerability is exploited.
  • Stay Informed: Monitor official announcements from Anthropic and reputable cybersecurity news sources for updates and patches regarding the Claude for Chrome extension.
  • Consider Alternatives: If the risks are unacceptable, consider limiting your use of the Claude for Chrome extension or exploring alternative methods for interacting with Claude until these critical vulnerabilities are fully addressed.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitPatchSecurityVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical Vulnerability in AsyncAPI npm Packages Exposes Users to Attack

Next Post

Critical Flaw: OAuth Client ID Spoofing Exposes 2 Million Entra ID Users

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical FortiSandbox CVE-2023-34981 Exposes VNC Server to Attackers
July 14, 2026
SOC Efficiency: Cut Alert Overload and MTTR by 21 Minutes Per Case
July 14, 2026
Miasma Malware Creates Backdoors in npm Packages, Targets Dev Machines
July 14, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us