“ClaudeBleed” allows any Chrome extension to control Anthropic’s AI assistant

📅 7 May 2026 at 20:25 UTC📰 Cyber InsiderView original source ↗

A critical flaw in Anthropic’s “Claude in Chrome” browser extension allows any Chrome extension, even one with zero permissions, to hijack Claude’s AI capabilities and perform sensitive actions on behalf of users. The issue, discovered by LayerX and dubbed “ClaudeBleed,” could enable attackers to steal emails, access private GitHub repositories, exfiltrate Google Drive files, and … The post “ClaudeBleed” allows any Chrome extension to control Anthropic’s AI assistant appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A critical flaw in Anthropic's 'Claude in Chrome' browser extension allows any Chrome extension, even with zero permissions, to hijack Claude's AI capabilities and perform sensitive actions on behalf of users.

⚙️Technical Details

💥Impact Assessment

Severity: critical

Who Is at Risk

Users of Anthropic's 'Claude in Chrome' browser extension

🛡️Recommended Actions

1Review installed browser extensions carefully and avoid unnecessary add-ons

2Disable autonomous AI browsing modes

3Implement authenticated message signing for extension communications

📦Affected Products

Product Name: Anthropic's 'Claude in Chrome' browser extensionAffected Software: Chrome browser

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed