THE article discusses a vulnerability in the 'Claude for Chrome' browser extension, known as ClaudeBleed, which could allow malicious extensions to control the assistant and access users' Gmail and other services without their knowledge. This flaw enables rogue extensions to masquerade as legitimate commands, potentially letting them read emails, send messages, and manipulate documents. Despite previous attempts by Anthropic to address the issues raised by researchers, the fundamental problems remain unresolved.
To enhance security, users are advised to disable automatic permissions, be cautious about the extensions they install, and limit the assistant’s access to sensitive accounts.