Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads
Researchers have identified a security flaw in Anthropic's Claude for Chrome extension that enables other browser extensions capable of running scripts on claude.ai to trigger Claude for Chrome tasks targeting Gmail, Google Docs (including comments), and Calendar. The vulnerability, reported by The Hacker News, shares similarities with the previously disclosed ClaudeBleed issue, as both require a rogue extension that can already execute scripts on claude.ai. The key difference lies in the scope of access: this new flaw extends to personal data from Google services, while ClaudeBleed focused on different capabilities. In response to the earlier ClaudeBleed vulnerability, Anthropic restricted the arbitrary-prompt path in May 2026, but this latest finding suggests that the restriction did not fully address the underlying risk. The article does not provide specific technical details about the exploit mechanism or any official response from Anthropic regarding this particular flaw. No CVE identifier, patch status, or affected version numbers are mentioned in the source text.
Developers using Claude for Chrome must consider risks from other extensions with claude.ai script access.