Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Overview

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them," Koi Security researcher Oren Yomtov said in a report shared with The Hacker News.

Organisations Involved

The following organisations are mentioned in relation to this incident: Any Website
Cybersecurity, Claude Extension Flaw Enabled Zero, Claude Google Chrome Extension, Google, Koi Security, Oren Yomtov.

Multi-Source Coverage

This event has been reported across multiple outlets:

• Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website — thehackernews

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.