Security Flaw in Claude's Chrome Extension Allows Unauthorized Plugin Access
A security flaw has been discovered in the Chrome extension for Anthropic's Claude AI model, as reported by LayerX, a browser security firm. This vulnerability allows any plugin, even those without special permissions, to embed hidden instructions and take control of the AI agent. The flaw arises from a lack of verification in the extension's code, enabling any script running in the browser to communicate with Claude's language model. This has led to potential exploits, such as extracting files from Google Drive, surveilling email activity, and accessing private source code. The vulnerability undermines Chrome's extension security model by allowing privilege escalation across extensions. 
