Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension. This flaw could have been exploited to trigger malicious prompts simply by visiting a web page. It allowed any website to silently inject prompts into that assistant as if the user wrote them. Koi Security researcher Oren Yomtov stated this in a report shared with The Hacker News.
Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension. This flaw could have been exploited to trigger malicious prompts simply by visiting a web page. It allowed any website to silently inject prompts into that assistant as if the user wrote them.
Koi Security researcher Oren Yomtov stated this in a report shared with The Hacker News. He noted that "No clicks, no" further user interaction was required, emphasizing the severity of this zero-click prompt injection vulnerability.