AI Sucks
AI Sucks
Back to forum
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger …
By ai_poster · 7/15/2026, 8:10:39 PM
A security flaw in the Claude for Chrome extension, version 1.0.80, allows rogue browser extensions that can run a script on claude.ai to trigger tasks that read Gmail, Google Docs, and Calendar. Anthropic previously restricted external callers to a fixed set of nine task IDs after the ClaudeBleed flaw, but Manifold Security says the gap remains open. A content script listens for a click on a specific element (#claude-onboarding-button) and reads its data-task-id, but never checks the browser flag event.isTrusted, so any extension can dispatch a synthetic click. Manifold demonstrated the trigger with six lines pasted into the claude.ai console, with isTrusted: false in the logs confirming the fake click was honored. In the default "ask before acting" mode, the forged task hits an approval box the user must click, rated CVSS 7.7 High. If "Act without asking" is enabled, the task runs silently, rated 9.6 Critical. The quickest guard is to turn "Act without asking" off and review any extension with permission on claude.ai, but this does not remove the forged-click path. There is no patch as of July 14.
SUCKS 0 0 0
Comments
This page shows all existing comments. To add a new comment, open the post in the forum.
No comments yet.