Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Claude for Chrome Vulnerability: A Rogue Extension's Power to Unleash Gmail Reads



The Claude for Chrome vulnerability has revealed a serious issue with browser extensions' ability to bypass safety measures, allowing rogue actors to trigger sensitive user actions without explicit permission. Researchers have identified two critical flaws that must be patched urgently to prevent further exploitation.

  • The "Claude" vulnerability allows rogue extensions to trigger Gmail reads using Google Chrome browser extension.
  • The vulnerability is a prompt injection issue, where an attacker can manipulate a script-generated click to bypass safety measures and access sensitive user data.
  • The same vulnerability exists in the latest release of v1.0.80, which is still shipping with the browser extension.
  • The primary weakness lies in the handling of synthetic clicks, where an attacker can manipulate a script-generated click to trigger the execution of a task on claude.ai without requiring user approval.
  • Manifold Security has highlighted two primary issues with this vulnerability: forged clicks and disabling the approval step for certain tasks.
  • The impact extends beyond Gmail reads, allowing potential hijacking of Google Dialogflow CX chatbots and Android bank fraud using Telegram Rental Services.



  • The cybersecurity landscape has recently been marred by a vulnerability dubbed "Claude" that allows rogue extensions to trigger Gmail reads using the popular Google Chrome browser extension. This discovery was made by researchers at Manifold Security, who have identified a critical flaw in Anthropic's Claude for Chrome extension that enables malicious actors to bypass safety measures and access sensitive user data. The vulnerability is characterized as a "prompt injection" issue, where an attacker can manipulate a script-generated click to trigger the execution of a task on claude.ai, allowing them to read emails, view Google Docs, and even access calendar events without the user's knowledge or consent.

    According to Manifold Security, Anthropic initially addressed this flaw by restricting arbitrary-prompt paths in May as part of its response to an earlier vulnerability known as ClaudeBleed. However, it appears that despite these efforts, the same vulnerability still exists in the latest release of v1.0.80, which is still shipping with the browser extension and can be downloaded from the Chrome Web Store. The researchers have confirmed that this issue is not isolated to a specific version of the software but rather is an ongoing problem that has been present across multiple releases.

    The nature of the vulnerability lies in its ability to bypass Anthropic's safety measures, which are designed to prevent malicious actors from exploiting the extension. According to Manifold Security, the primary weakness in the Claude for Chrome codebase lies in its handling of synthetic clicks, where an attacker can manipulate a script-generated click to trigger the execution of a task on claude.ai without requiring user approval. This mechanism allows rogue extensions that can reach the DOM on claude.ai to build the element, set the task ID, and dispatch a synthetic click, which is treated by the extension as a genuine tap.

    The researchers have demonstrated this vulnerability through various means, including injecting six lines of JavaScript code into the claude.ai console. They confirmed that when these scripts were executed, the rogue extension's content script triggered an approval box that was subsequently ignored due to the absence of the event.isTrusted flag, which indicates a real user click.

    Manifold Security has highlighted two primary issues with this vulnerability: the first concerns the ability of rogue extensions to trigger forged clicks on claude.ai, allowing them to bypass safety measures and access sensitive user data. The second issue relates to the extension's handling of the URL parameter skipPermissions, which allows malicious actors to disable the approval step for certain tasks without requiring explicit permission from the user.

    The impact of this vulnerability extends beyond merely allowing rogue extensions to trigger Gmail reads. It also implies that an attacker could potentially hijack Google Dialogflow CX chatbots, as well as Android bank fraud by using a Telegram Rental Service. Furthermore, researchers have identified another related issue known as GhostApproval Symlink Flaws, which can allow malicious repositories to run code in AI coding agents.

    The discovery of this vulnerability underscores the ongoing struggle between security researchers and developers to create secure extensions that do not compromise user privacy. The Claude for Chrome vulnerability serves as a stark reminder that even seemingly minor issues can have far-reaching implications, particularly when it comes to access control and data protection.

    Manifold Security has called for the patching of both vulnerabilities in v1.0.80, urging users to turn off the "Act without asking" mode and review any extension with permission to read or change data on claude.ai. The company's findings have been shared publicly, but it is unclear whether Anthropic will issue a formal update or advisory regarding these critical security issues.

    Summary:

    A recent vulnerability in the Claude for Chrome browser extension has allowed rogue extensions to trigger Gmail reads using the popular Google Chrome browser extension. Researchers at Manifold Security have identified this flaw as a prompt injection issue, where an attacker can manipulate a script-generated click to bypass safety measures and access sensitive user data. The vulnerability is present across multiple releases of v1.0.80 and has been confirmed by the researchers through various means, including injecting JavaScript code into the claude.ai console. Manifold Security urges users to take immediate action to patch these critical security issues and emphasizes the need for developers to prioritize data protection and access control in their software development practices.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Claude-for-Chrome-Vulnerability-A-Rogue-Extensions-Power-to-Unleash-Gmail-Reads-ehn.shtml

  • https://thehackernews.com/2026/07/claude-for-chrome-flaw-lets-other.html


  • Published: Wed Jul 15 03:07:25 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us