A critical security flaw in Anthropic's Claude Chrome extension allowed malicious websites to silently inject prompts into the AI assistant without any user interaction. The vulnerability enabled a zero-click attack, characterised as cross-site scripting (XSS), in which attacker-chosen prompts were executed simply because the user visited a malicious or compromised webpage.
According to Koi Security researcher Oren Yomtov, the flaw allowed any website to inject prompts into Claude as if the user had typed them directly. The attack required no clicks or other user engagement, making it particularly dangerous for users who browse the web with the extension enabled and have no way to notice that a page is issuing instructions on their behalf.