Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Flaws in Claude for Chrome Allow Unauthorized Access

Critical Flaws in Claude for Chrome Allow Unauthorized Access

Posted on July 14, 2026 By CWS

Significant security vulnerabilities remain unaddressed in Claude for Chrome, as reported by AI security firm Manifold. These issues, identified in May, continue to pose risks in the latest release of the agentic browser extension by Anthropic.

Uncovering the Vulnerabilities

Manifold has revealed that the flaws allow malicious browser extensions to manipulate Claude into executing commands without user consent. Through these vulnerabilities, attackers may gain unauthorized access to Gmail, Google Docs, and calendar entries, exploiting the lack of user verification in the extension’s interaction process.

The vulnerabilities trace back to a previous fix aimed at a similar issue known as ClaudeBleed. This earlier update was intended to limit external webpage inputs to Claude, restricting its functions to a set of pre-approved tasks. However, the current mechanism fails to authenticate real user clicks, enabling other extensions to initiate actions deceitfully.

Potential Exploits and Risks

In its default configuration, Claude presents a confirmation prompt before any sensitive action. Nevertheless, if the extension is set to ‘Act without asking,’ attackers can bypass this prompt, proceeding without alerting the user. Additionally, Manifold identified a design flaw allowing direct activation of no-confirmation mode via a URL parameter, which poses a structural risk if future bugs emerge.

Although this aspect isn’t currently exploitable, as only the extension can construct the URL, Manifold warns that any bug permitting external script influence might give attackers unobstructed access to user accounts. Such risks underscore the importance of a comprehensive fix rather than temporary mitigations.

Response from Anthropic and Future Outlook

Manifold communicated its findings to Anthropic on May 21, following the public revelation of the ClaudeBleed issue. Anthropic acknowledged the list of pre-approved tasks as a preliminary measure until a full resolution is achieved. However, Manifold points out that none of the eight subsequent versions, including 1.0.80, have effectively addressed these vulnerabilities.

SecurityWeek has reached out to Anthropic for further comments on the situation. As the industry continues to grapple with AI-related security challenges, the need for robust and proactive measures remains critical to safeguard user data and maintain trust in AI-powered solutions.

Security Week News Tags:AI security, Anthropic, browser extension, calendar entry, Claude for Chrome, Cybersecurity, Gmail access, Google Docs, Manifold, security flaw, Vulnerabilities

Post navigation

Previous Post: Old Microsoft UEFI Shims Pose Secure Boot Risk
Next Post: Qilin Ransomware Exploits Active Directory with DCSync

Related Posts

Google Security Layoffs and Major Cybersecurity Incidents Google Security Layoffs and Major Cybersecurity Incidents Security Week News
Hackers Target Casino Operator Boyd Gaming Hackers Target Casino Operator Boyd Gaming Security Week News
OpenAI Expands ChatGPT Security Features Globally OpenAI Expands ChatGPT Security Features Globally Security Week News
AI Systems Vulnerable to Prompt Injection via Image Scaling Attack AI Systems Vulnerable to Prompt Injection via Image Scaling Attack Security Week News
Windows PhantomRPC Flaw Lacks Immediate Fix Windows PhantomRPC Flaw Lacks Immediate Fix Security Week News
How to Close the AI Governance Gap in Software Development How to Close the AI Governance Gap in Software Development Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark