HackerFeeds

CyberSecurity News

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

The Hacker News
· July 14, 2026

AI summary

A vulnerability in Claude for Chrome allows malicious browser extensions to trigger tasks that access a user's Gmail, Google Doc, and Calendar. This can happen if a rogue extension can run a script on claude.ai. The issue requires a malicious extension that already has the ability to run scripts on claude.ai. The scope of this vulnerability differs from another issue known as ClaudeBleed, which also relies on a rogue extension with script-running capabilities. The vendor, Anthropic, had previously restricted the arbitrary-prompt path in response to related concerns.

Read the full article at The Hacker Newsthehackernews.com/2026/07/claude-for-chrome-flaw-lets-other.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.