According to ChainCatcher, GoPlus, citing a Koi report, has disclosed a high-risk prompt injection vulnerability in Anthropic's Claude Chrome extension, affecting all versions of the extension below 1.41.
An attacker can craft a malicious web page that silently loads, in the background, an iframe that exploits a cross-site scripting (XSS) flaw and runs a malicious payload on the a-cdn.claude.ai subdomain. Because this subdomain is on the extension's trusted whitelist, the payload can send malicious prompts directly to the Claude extension, which executes them automatically, without user authorization or any clicks, leaving the victim unaware. The vulnerability could allow an attacker to manipulate the Claude extension into reading the user's Google Drive documents, stealing business access tokens, or exporting chat logs. It could also allow an attacker to take over the current browser session and perform sensitive actions such as sending emails in the victim's name. GoPlus recommends that users immediately update the Claude extension to version 1.41 or later and be wary of phishing links.