negativeSYS.SOURCE: The Hacker News• 2026-07-14T22:57:23+05:30
Claude for Chrome Vulnerability Allows Rogue Extensions to Trigger Gmail Data Access
A vulnerability in Claude for Chrome allows rogue browser extensions to trigger unauthorized access to Gmail, Google Docs, and Calendar data through forged clicks. The flaw remains unpatched in version 1.0.80, with CVSS scores of 7.7 (High) and 9.6 (Critical) depending on user settings.
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar.
Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic restricted the arbitrary-prompt path in May as part of its response to the
*** END OF TRANSMISSION ***