Skip to content
Tech News
← Back to articles

Claude Chrome extension flaw lets malicious extensions trigger AI actions

read original more articles
Why This Matters

The vulnerability in Anthropic's Claude Chrome extension highlights the risks of malicious extensions exploiting AI integrations to perform unauthorized actions across connected services. This poses significant security concerns for both developers and consumers, emphasizing the need for stricter validation and security measures in browser extensions. Addressing such flaws is crucial to maintaining user trust and safeguarding sensitive data in the evolving AI-driven ecosystem.

Key Takeaways

A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce.

The issue was discovered by Ax Sharma of Manifold Security, who says it stems from how the Claude extension determines whether a user intentionally requested one of its built-in tasks.

Chrome extensions with permission to run on a website can inject JavaScript into the page, allowing them to read and modify its contents. This includes changing page elements, reading information displayed on a site, and generating click and keyboard events programmatically.

According to Manifold's report, the Claude extension listens for click events on a specific page element that launches one of its built-in AI workflows. These workflows are predefined tasks that allow Claude to perform actions in connected services such as Gmail, Google Docs, Google Calendar, and Salesforce.

The supported workflows include:

usecase-gmail: read recent Gmail, identify promotional emails, and click unsubscribe

read recent Gmail, identify promotional emails, and click unsubscribe usecase-gdocs: open the user's latest Google Doc, read all comments and feedback

open the user's latest Google Doc, read all comments and feedback usecase-calendar: read Google Calendar, find free slots, create meetings

read Google Calendar, find free slots, create meetings usecase-salesforce: modify Salesforce leads, convert them to opportunities

The researchers found the extension accepted JavaScript-generated click events without verifying whether they originated from a real user.

... continue reading