Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Claude Chrome extension flaw lets malicious extensions trigger AI actions

0
Low
Vulnerabilityrce
Published: 07/16/2026 (07/16/2026, 19:26:07 UTC)
Source: Bleeping Computer

Description

A vulnerability in Anthropic's Claude Chrome extension allows malicious browser extensions to trigger predefined AI workflows by simulating user clicks without verifying their authenticity. This flaw enables abuse of Claude's access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce. The attack requires a malicious extension installed by the user and is limited to nine predefined tasks. The vulnerability does not permit arbitrary prompt injection or direct compromise of the Claude extension. The issue remains present in version 1.0.80 of the extension as of July 7, 2026. Anthropic acknowledged the report and is tracking it as part of a broader issue. A second informational finding related to permission bypass exists but is not directly exploitable alone.

Affected software

Affected versions
=1.0.80

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 19:32:47 UTC

Technical Analysis

The Claude Chrome extension listens for click events on specific page elements to trigger predefined AI workflows that interact with connected services like Gmail and Salesforce. It fails to verify the Event.isTrusted property, which distinguishes real user clicks from synthetic JavaScript-generated events. A malicious extension with permission to run on claude.ai can inject elements and generate synthetic clicks, causing Claude to execute these workflows without user consent. The flaw is limited to nine built-in tasks and requires a malicious extension installed by the user. The vulnerability was reported by Manifold Security and remains reproducible in version 1.0.80. Anthropic has acknowledged the issue and closed the synthetic-click report, tracking it as part of a broader problem. A second issue involving an internal skipPermissions=true parameter was also reported but deemed informational and not directly exploitable.

Potential Impact

A malicious browser extension can abuse the Claude extension's authenticated access to connected services by triggering predefined AI workflows without genuine user interaction. This could lead to unauthorized reading, modification, or creation of data in services such as Gmail, Google Docs, Google Calendar, and Salesforce, depending on the user's Claude extension configuration and permission settings. The impact is limited to the nine predefined tasks and requires the user to install a malicious extension with permissions on claude.ai. There is no indication of arbitrary code execution or prompt injection beyond these tasks.

Mitigation Recommendations

Anthropic has acknowledged the vulnerability and is tracking it as part of a broader issue. As of July 7, 2026, the flaw remains reproducible in version 1.0.80 of the Claude Chrome extension. No official patch or fix has been confirmed yet. Users should exercise caution when installing browser extensions, especially those requesting permissions on claude.ai. Monitor vendor advisories for updates and apply official fixes once available. Avoid enabling the 'Act without asking' setting in Claude to reduce risk of automated unauthorized actions.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Threat ID: 6a5931d268715ace43963904

Added to database: 07/16/2026, 19:32:34 UTC

Last enriched: 07/16/2026, 19:32:47 UTC

Last updated: 07/16/2026, 23:03:08 UTC

Views: 5

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses