ClaudeBleed: A Flaw In Claude’s Browser Extension Allows Any Extension to Hijack It
Summary
LayerX researchers disclose a zero-permission vulnerability in Claude's Chrome extension that lets any extension hijack Claude, exfiltrate data, and perform actions with the user's privileges. The piece analyzes the underlying trust-boundary issue, the impact across services (Gmail, Drive, GitHub), real-world attack scenarios, and partial mitigations, and highlights that core architectural flaws remain despite the fixes.