Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar

0
Medium
Vulnerability
Published: 07/14/2026 (07/14/2026, 13:00:00 UTC)
Source: SecurityWeek

Description

A vulnerability linked to ClaudeBleed persists in the Claude for Chrome browser extension, allowing malicious extensions to trigger Claude to perform actions on a user's behalf without genuine user approval. This flaw can expose sensitive data such as Gmail messages, Google Docs, and calendar entries to other extensions. The issue stems from a mechanism that does not verify whether a user click is genuine, enabling fake interactions. While a confirmation prompt exists by default, enabling the extension's autonomous mode allows actions without warnings. Additionally, a design gap allows the extension's side panel to launch directly into no-confirmation mode via a URL parameter, posing a structural risk. Despite multiple patches, including eight versions since the initial ClaudeBleed fix, the vulnerability remains unpatched as of version 1.0.80. No known exploits are currently reported in the wild.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/14/2026, 13:02:50 UTC

Technical Analysis

The Claude for Chrome extension contains a vulnerability related to the previously disclosed ClaudeBleed flaw. The vulnerability allows a malicious browser extension to impersonate user interactions and cause Claude to execute actions without real user consent. This can lead to unauthorized reading of Gmail, Google Docs, and calendar data. The initial mitigation restricted prompts to a fixed set of pre-approved tasks, but the activation mechanism fails to verify genuine user clicks, enabling other extensions to fake interactions. The extension's default setting requires user confirmation before sensitive actions, but if the 'Act without asking' autonomous mode is enabled, the attacker can bypass warnings. A secondary design issue involves a URL parameter that can launch the extension directly into no-confirmation mode, which currently is not exploitable but represents a future risk. Despite reporting to Anthropic in May 2026 and multiple subsequent releases, including version 1.0.80, the vulnerability remains unpatched. Anthropic has described the pre-approved task list as an interim mitigation pending a complete fix.

Potential Impact

The vulnerability allows other browser extensions to trigger Claude to perform actions on behalf of the user without genuine user interaction, potentially exposing sensitive user data such as Gmail messages, Google Docs documents, and calendar entries. If the user has enabled the autonomous mode, these actions can proceed silently without any confirmation prompt, increasing the risk of unauthorized data access. The structural design gap involving URL parameters could enable future silent control over user accounts if exploited. No known active exploitation has been reported.

Mitigation Recommendations

As of the latest information, no official fix or patch has been released to fully address these vulnerabilities. The current mitigation involves the use of a fixed set of pre-approved tasks and a confirmation prompt in the default extension setting. Users should avoid enabling the 'Act without asking' autonomous mode to reduce risk. Monitor vendor advisories from Anthropic for updates on a complete fix. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.securityweek.com/unpatched-claude-for-chrome-flaw-lets-extensions-read-gmail-calendar/","fetched":true,"fetchedAt":"2026-07-14T13:02:32.759Z","wordCount":1086}

Threat ID: 6a56336868715ace4387c40d

Added to database: 07/14/2026, 13:02:32 UTC

Last enriched: 07/14/2026, 13:02:50 UTC

Last updated: 07/15/2026, 02:26:08 UTC

Views: 19

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses