ThreatCluster

Critical Vulnerabilities in Claude for Chrome Expose User Data to Attackers

First seen 15 Jul 2026, 08:28 UTC CybersecuritynewsGbhackers 88% similarity 67

Article Content

Browse articles
ThreatCluster

Two unpatched vulnerabilities in Anthropic's Claude for Chrome extension allow malicious browser extensions to access users' Gmail, Google Docs, and Calendar data. The flaws were reported by Manifold researchers in May 2026 but remain exploitable in version 1.0.801.0, released on July 7, 2026. Attackers can exploit these vulnerabilities using just six lines of JavaScript, posing a significant risk to user data. Despite multiple updates, the issues persist, raising concerns about the extension's security. Users of the Claude for Chrome extension are currently at risk of data breaches due to these vulnerabilities. The situation remains critical as no patches have been issued to address the flaws.

Key Points: • Two critical vulnerabilities in Claude for Chrome allow data access to attackers. • Malicious extensions can exploit the flaws using only six lines of JavaScript. • The vulnerabilities remain unpatched despite multiple updates since their discovery.

ThreatCluster AI

Timeline

2026-05-01
Vulnerabilities reported
Manifold researchers reported two critical flaws in Claude for Chrome that could expose user data.
Gbhackers
2026-07-07
Version 1.0.801.0 released
Anthropic released an update for Claude for Chrome, but the vulnerabilities remain unpatched.
Cybersecuritynews
2026-07-15
Current status
The vulnerabilities are still exploitable, posing a significant risk to users' data.
Gbhackers

Community

Browse all →