CISOOnline

New bugs in Claude for Chrome allow extensions to abuse AI privileges

Synthetic clicks trick trusted AI

The first vulnerability stems from how Claude for Chrome handles user interaction before executing privileged actions. According to Manifold, the extension’s click handler does not verify whether an approval click originated from a real user through the browser’s “event.isTrusted” property.

Meaning, another browser extension capable of injecting scripts into Claude.ai can generate synthetic clicks that Claude accepts as legitimate.

In default configurations, the attack can automatically trigger one of Claude’s predefined browser tasks before presenting an approval dialog. However, if users have enabled the extension’s “Act without asking” mode, Claude may execute those actions silently, allowing an attacker to retrieve Gmail content, Google Docs data, or Calendar information, the researcher noted.



Source link