TechFlow News: On March 27, according to a report by Koi cited by GoPlus, Anthropic’s Claude Chrome extension contains a high-severity prompt injection vulnerability affecting all extension versions prior to 1.0.41.
Attackers can construct malicious web pages that silently load, in the background, an iframe pointing at a page with a cross-site scripting (XSS) vulnerability on the a-cdn.claude.ai subdomain, so that a malicious payload executes within that subdomain's origin. Because this subdomain is on the extension's trusted whitelist, attackers can deliver malicious prompts directly to the Claude extension, where they execute automatically without any user authorization or click interaction, leaving victims completely unaware.
Through this vulnerability, attackers can manipulate the Claude extension to read users' Google Drive documents, steal business access tokens, or export chat histories. Attackers may also hijack the current browser session and perform sensitive operations under the victim's identity, such as sending emails.
GoPlus recommends users immediately update the Claude extension to version 1.0.41 or later and remain vigilant against phishing links.