Summary
Anthropic patched a critical "ShadowPrompt" vulnerability in the Claude Chrome Extension that allowed malicious websites to silently inject prompts and steal sensitive Google account data via a cross-site scripting chain.
Take Action:
Treat AI browser extensions as extremely dangerous high-privilege agents. If you use the Claude Chrome Extension, make sure it's updated to version 1.0.41 or higher immediately! Older versions allow attackers to silently hijack your browser session and access your email, documents, and chat history without any clicks. Review what permissions the extension has and stay alert for suspicious sites that may have exploited this before the patch.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)