A critical design flaw in Anthropic’s “Claude in Chrome” browser extension, dubbed ClaudeBleed, allows any malicious Chrome extension, even one with zero declared permissions, to silently hijack Claude and exfiltrate sensitive data from Gmail, Google Drive, and GitHub. Discovered by LayerX security researcher Aviad Gispan and published on May 7, 2026, the vulnerability remains only […]
The post Claude Chrome Extension Flaw Lets Malicious Extensions Steal Gmail and Google Drive Data appeared first on Cyber Security News.