
Claude in Chrome is taking orders from the wrong extensions
Anthropic's Chrome browser extension for Claude, known as Claude in Chrome, has a bug that can allow malicious extensions to hijack it, compromising trusted AI workflows.
Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be abused to inject scripts that can potentially hijack the assistant’s capabilities and manipulate browsing sessions.
LayerX is calling the flaw “ClaudeBleed.”
“LayerX reported the flaw to Anthropic,” LayerX researcher Aviad Gispan said in a blog post. “Anthropic replied that they were already aware of the issue and that it would be fixed in the next version of the extension.” However, Gispan added, Anthropic’s fix w...