Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Publish Date: 2026-05-08 02:53:36
Source Domain: www.securityweek.com
Summary
LayerX, a cybersecurity firm, has revealed a severe security flaw in the Claude extension for Chrome, termed ClaudeBleed. The vulnerability stems from lax permissions that allow any Chrome extension to run commands in Claude without stringent verification, combined with an over-reliance on the origin of commands without verification of their context. Because the extension trusts the execution origin (claude.ai) rather than analyzing the execution context, attackers can leverage content scripts from malicious extensions. They can thereby inject prompt commands, take control of the Claude AI agent, and bypass confirmation measures through UI manipulation. The attack could facilitate unauthorized data exfiltration from platforms such as Gmail, GitHub, or Google Drive, as well as sending emails, deleting data, and sharing documents on the user’s behalf. Although an initial patch partially addressed the issue by introducing internal security checks, it did not eliminate the underlying vulnerability: a malicious actor can circumvent the patch by switching the extension to a privileged mode.
Key Points:
- Vulnerability Identified: LayerX discovered a severe security flaw in the Claude extension for Chrome called ClaudeBleed, stemming from unverified script execution and trust in origin rather than context.
- Attack Mechanism: Attackers can utilize content scripts from malicious extensions to issue commands and take over the AI agent, exfiltrating data and performing unauthorized actions.
- Exploit Bypass: The initial patch provided by Anthropic only partially addresses the problem by stopping ‘standard’ mode commands but fails to fully mitigate risk since attackers can switch to ‘privileged’ mode.
- Security Breach: The flaw can bypass security checks and confirmation processes via DOM manipulation, enabling powerful unauthorized actions through the AI assistant.
- No User Notification: The switch to ‘privileged’ mode does not require user notification or approval, posing a significant security risk.