Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Vulnerability in Claude Extension Exposes Google Data

Critical Vulnerability in Claude Extension Exposes Google Data

Posted on July 14, 2026 By CWS

Two significant security vulnerabilities have been discovered in Anthropic’s Claude for Chrome browser extension, posing a severe threat to Google data privacy. Despite the release of multiple updates, these flaws remain unpatched, allowing attackers to access Gmail, Google Docs, and Calendar data using a simple script.

Discovery of the Vulnerabilities

Researchers from Manifold initially identified these vulnerabilities in May 2026. However, the issues persist in the latest extension version 1.0.80, released on July 7, 2026. These vulnerabilities are embedded in Claude’s content script and side panel, which, if exploited, can lead to unauthorized data access.

The first flaw stems from Claude’s content script, which processes user interactions without verifying if they are genuine. This oversight allows other browser extensions to simulate user clicks, prompting Claude to execute certain actions without user consent. Three of these actions involve reading Gmail, accessing Google Docs comments, and interacting with Google Calendar events.

Implications of the Security Flaws

In its default setting, Claude prompts users for approval before taking any actions. However, if the “Act without asking” mode is enabled, these actions occur silently, posing a critical risk rated at CVSS 9.6. This vulnerability highlights serious security concerns, especially for users who might unknowingly have this feature activated.

The second vulnerability relates to Claude’s side panel, which can enter a privileged mode without user consent when a specific URL parameter is used. Although this is not currently exploitable by external actors, it represents a potential future threat if new vulnerabilities arise, allowing unauthorized code to exploit this mechanism and gain full account access.

Response and Future Outlook

Both security issues align with known AI security challenges, including prompt injection and excessive agency. Proposed solutions involve implementing checks on user interactions and eliminating URL-based privilege escalations. However, these fixes have not yet been deployed.

Anthropic acknowledged the vulnerabilities quickly but has yet to implement a resolution, despite marking the issues as “Resolved.” This situation echoes a previous incident, ClaudeBleed, where a supposed fix was found inadequate, raising questions about the effectiveness of current security measures in AI browser extensions.

The ongoing failure to address these vulnerabilities underscores the urgent need for enhanced security protocols in browser extensions that handle sensitive data. As the digital landscape evolves, ensuring robust protection against such threats becomes increasingly critical.

Cyber Security News Tags:AI security, Anthropic, browser extension, Chrome extension, Claude, Google data, JavaScript, Manifold researchers, security flaw, Vulnerability

Post navigation

Previous Post: Adobe Releases Critical Security Updates for ColdFusion

Related Posts

WebKit Exploit Forces iOS Safari Users onto Scam Pages WebKit Exploit Forces iOS Safari Users onto Scam Pages Cyber Security News
CISA Issues ICS Advisories for Rockwell Automation, VMware, and Güralp Seismic Monitoring Systems CISA Issues ICS Advisories for Rockwell Automation, VMware, and Güralp Seismic Monitoring Systems Cyber Security News
Scattered Lapsus$ Hunters Launched a New Leak Site to Release Data Stolen from Salesforce Instances Scattered Lapsus$ Hunters Launched a New Leak Site to Release Data Stolen from Salesforce Instances Cyber Security News
New XWorm V6 Variant’s With Anti-Analysis Capabilities Attacking Windows Users in The Wild New XWorm V6 Variant’s With Anti-Analysis Capabilities Attacking Windows Users in The Wild Cyber Security News
Microsoft MFA Faces Major Disruption with 504 Errors Microsoft MFA Faces Major Disruption with 504 Errors Cyber Security News
ToolShell Exploit Chain Attacking SharePoint Servers to Gain Complete Control ToolShell Exploit Chain Attacking SharePoint Servers to Gain Complete Control Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark