A ClaudeBleed-linked vulnerability in Claude for Chrome remains unpatched, allowing other extensions to access data.

A ClaudeBleed-linked vulnerability in Claude for Chrome remains unpatched, allowing other extensions to access data.

Claude for Chrome v1.0.80 still accepts forged clicks from other extensions, triggering Gmail, Docs, and Calendar tasks silently in hands-off mode.

A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to…