Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

CentryNex

Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.
The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. “No clicks, no

SOURCE:

Share the Post:

Related News

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

CentryNex

Related News

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Company

Services

Contact Us