Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Claude Chrome extension flaw lets malicious extensions trigger AI actions

    July 16, 2026

    Black Hat Stories | Shanna Daly, CEO of Torin Cyber Group

    July 16, 2026

    Coca-Cola says Fairlife ransomware attack halts US dairy production

    July 16, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Claude Chrome extension flaw lets malicious extensions trigger AI actions
    News

    Claude Chrome extension flaw lets malicious extensions trigger AI actions

    adminBy adminJuly 16, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Claude

    A flaw in Anthropic’s Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude’s access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce.

    The issue was discovered by Ax Sharma of Manifold Security, who says it stems from how the Claude extension determines whether a user intentionally requested one of its built-in tasks.

    Chrome extensions with permission to run on a website can inject JavaScript into the page, allowing them to read and modify its contents. This includes changing page elements, reading information displayed on a site, and generating click and keyboard events programmatically.

    image

    According to Manifold’s report, the Claude extension listens for click events on a specific page element that launches one of its built-in AI workflows. These workflows are predefined tasks that allow Claude to perform actions in connected services such as Gmail, Google Docs, Google Calendar, and Salesforce.

    The supported workflows include:

    • usecase-gmail: read recent Gmail, identify promotional emails, and click unsubscribe
    • usecase-gdocs: open the user’s latest Google Doc, read all comments and feedback
    • usecase-calendar: read Google Calendar, find free slots, create meetings
    • usecase-salesforce: modify Salesforce leads, convert them to opportunities

    The researchers found the extension accepted JavaScript-generated click events without verifying whether they originated from a real user.

    When a browser generates an event from a real user action, such as a mouse click or key press, it marks it as trusted by setting the Event.isTrusted property to true. However, if JavaScript is used to generate the event, the browser automatically sets Event.isTrusted to false, allowing webpages and extensions to distinguish between real user interactions and events generated by JavaScript.

    According to Manifold Security, the Claude browser extension did not verify that a click event originated from a real user by checking the browser’s Event.isTrusted property before executing one of its predefined workflows.

    Instead, a malicious extension with permission to modify content on the ‘claude.ai’ domain could inject a page element containing one of nine supported task identifiers and generate a synthetic click event.

    Although the browser correctly marked the event as untrusted, Sharma says the Claude extension treated it as a legitimate user click and executed the requested AI action.

    The researcher notes that the flaw does not allow arbitrary prompt injection, but instead, the attack is limited to the nine predefined tasks built into the extension.

    The attack also does not allow a website to compromise the Claude extension directly, but requires an attacker to trick a user into installing a malicious extension that can execute code on claude.ai.

    That extension could then manipulate the webpage and trigger the Claude extension’s workflows.

    While a malicious browser extension already has broad access to webpages it can run on, the researchers say this flaw allows it to abuse Claude’s authenticated access to various connected services.

    The impact depends on the Claude extension’s configuration and whether users choose to approve sensitive actions or have Claude’s optional “Act without asking” setting enabled, which allows predefined workflows to execute automatically.

    In a second finding, the researchers found an internal ‘skipPermissions=true‘ parameter that bypassed certain permission checks when launching the extension.

    However, they acknowledged that the mechanism was not directly exploitable on its own and would require another vulnerability to create a specially crafted URL. 

    The researchers reported both findings to Anthropic through the company’s bug bounty program. Anthropic acknowledged the reports and closed the synthetic-click report, stating they were already tracking it as a broader issue. The second flaw, involving the internal skipPermissions=true parameter, was classified as informational.

    Manifold says the flaws are still exploitable in the latest version, 1.0.80, of the browser extension, released on July 7.

    “Manifold verified July 7 that both findings remain reproducible in 1.0.80. The content script and side-panel handlers we cited are byte-identical to the v1.0.72 source,” reads the report.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleBlack Hat Stories | Shanna Daly, CEO of Torin Cyber Group
    admin
    • Website

    Related Posts

    News

    Coca-Cola says Fairlife ransomware attack halts US dairy production

    July 16, 2026
    News

    New ClickLock macOS malware traps users into revealing login password

    July 16, 2026
    News

    Survey of Canadian Security Intelligence Service Technical Capabilities: Report

    July 16, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    Claude Chrome extension flaw lets malicious extensions trigger AI actions

    July 16, 2026

    Black Hat Stories | Shanna Daly, CEO of Torin Cyber Group

    July 16, 2026

    Coca-Cola says Fairlife ransomware attack halts US dairy production

    July 16, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.