Critical Vulnerabilities in Claude for Chrome Expose User Data to Attackers
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two unpatched vulnerabilities in Anthropic's Claude for Chrome extension allow malicious browser extensions to access users' Gmail, Google Docs, and Calendar data. The flaws were reported by Manifold researchers in May 2026 but remain exploitable in version 1.0.801.0, released on July 7, 2026. Attackers can exploit these vulnerabilities using just six lines of JavaScript, posing a significant risk to user data. Despite multiple updates, the issues persist, raising concerns about the extension's security. Users of the Claude for Chrome extension are currently at risk of data breaches due to these vulnerabilities. The situation remains critical as no patches have been issued to address the flaws.
Key Points: • Two critical vulnerabilities in Claude for Chrome allow data access to attackers. • Malicious extensions can exploit the flaws using only six lines of JavaScript. • The vulnerabilities remain unpatched despite multiple updates since their discovery.