Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Vulnerability in Claude Extension Exposes Google Data

Critical Vulnerability in Claude Extension Exposes Google Data

Posted on July 14, 2026 By CWS

Two significant security vulnerabilities have been discovered in Anthropic’s Claude for Chrome browser extension, posing a severe threat to Google data privacy. Despite the release of multiple updates, these flaws remain unpatched, allowing attackers to access Gmail, Google Docs, and Calendar data using a simple script.

Discovery of the Vulnerabilities

Researchers from Manifold initially identified these vulnerabilities in May 2026. However, the issues persist in the latest extension version 1.0.80, released on July 7, 2026. These vulnerabilities are embedded in Claude’s content script and side panel, which, if exploited, can lead to unauthorized data access.

The first flaw stems from Claude’s content script, which processes user interactions without verifying if they are genuine. This oversight allows other browser extensions to simulate user clicks, prompting Claude to execute certain actions without user consent. Three of these actions involve reading Gmail, accessing Google Docs comments, and interacting with Google Calendar events.

Implications of the Security Flaws

In its default setting, Claude prompts users for approval before taking any actions. However, if the “Act without asking” mode is enabled, these actions occur silently, posing a critical risk rated at CVSS 9.6. This vulnerability highlights serious security concerns, especially for users who might unknowingly have this feature activated.

The second vulnerability relates to Claude’s side panel, which can enter a privileged mode without user consent when a specific URL parameter is used. Although this is not currently exploitable by external actors, it represents a potential future threat if new vulnerabilities arise, allowing unauthorized code to exploit this mechanism and gain full account access.

Response and Future Outlook

Both security issues align with known AI security challenges, including prompt injection and excessive agency. Proposed solutions involve implementing checks on user interactions and eliminating URL-based privilege escalations. However, these fixes have not yet been deployed.

Anthropic acknowledged the vulnerabilities quickly but has yet to implement a resolution, despite marking the issues as “Resolved.” This situation echoes a previous incident, ClaudeBleed, where a supposed fix was found inadequate, raising questions about the effectiveness of current security measures in AI browser extensions.

The ongoing failure to address these vulnerabilities underscores the urgent need for enhanced security protocols in browser extensions that handle sensitive data. As the digital landscape evolves, ensuring robust protection against such threats becomes increasingly critical.

Cyber Security News Tags:AI security, Anthropic, browser extension, Chrome extension, Claude, Google data, JavaScript, Manifold researchers, security flaw, Vulnerability

Post navigation

Previous Post: Adobe Releases Critical Security Updates for ColdFusion
Next Post: Exploit in Microsoft Entra Allows Credential Validation

Related Posts

Stock Exchange Exec’s Email Breach: Insights Revealed Stock Exchange Exec’s Email Breach: Insights Revealed Cyber Security News
Vulnerability in Claude Code GitHub Actions Exposed Vulnerability in Claude Code GitHub Actions Exposed Cyber Security News
BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability Cyber Security News
Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability Cyber Security News
Oblivion RAT: New Android Threat with Hidden Control Oblivion RAT: New Android Threat with Hidden Control Cyber Security News
Let’s Encrypt Started to Issue SSL/TLS Certificate for IP Address Let’s Encrypt Started to Issue SSL/TLS Certificate for IP Address Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Microsoft Fixes 570 Vulnerabilities in Major Update
  • Synopsys Denies Data Breach Amid Bosch Hack Allegations
  • Exploit in Microsoft Entra Allows Credential Validation
  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Microsoft Fixes 570 Vulnerabilities in Major Update
  • Synopsys Denies Data Breach Amid Bosch Hack Allegations
  • Exploit in Microsoft Entra Allows Credential Validation
  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark