{"id":243520,"date":"2026-05-08T09:07:00","date_gmt":"2026-05-08T13:07:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/flaw-in-claudes-chrome-extension-allowed-any-other-plugin-to-hijack-victims-ai\/"},"modified":"2026-05-11T06:40:11","modified_gmt":"2026-05-11T10:40:11","slug":"flaw-in-claudes-chrome-extension-allowed-any-other-plugin-to-hijack-victims-ai","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/flaw-in-claudes-chrome-extension-allowed-any-other-plugin-to-hijack-victims-ai\/","title":{"rendered":"Flaw in Claude\u2019s Chrome extension allowed \u2018any\u2019 other plugin to hijack victims\u2019 AI"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/claude-chrome-extension-allows-plugins-to-hijack-ai\/\">Flaw in Claude\u2019s Chrome extension allowed \u2018any\u2019 other plugin to hijack victims\u2019 AI<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/claude-chrome-extension-allows-plugins-to-hijack-ai\/\">https:\/\/cyberscoop.com\/claude-chrome-extension-allows-plugins-to-hijack-ai\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-08 09:07:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>As businesses and governments turn to AI agents to access the internet and perform higher-level tasks, researchers continue to find serious flaws in large language models that can be exploited by bad actors.<\/p>\n<p>The latest discovery comes from browser security firm LayerX, involving a bug in the Chrome extension for Anthropic\u2019s Claude AI model that allows any other plugin \u2013 even ones without special permissions \u2013 to embed hidden instructions that can take over the agent.\u00a0<\/p>\n<p>\u201cThe flaw stems from an instruction in the extension\u2019s code that allows any script running in the origin browser to communicate with Claude\u2019s LLM, but does not verify who is running the script,\u201d wrote LayerX senior researcher Aviad Gispan. \u201cAs a result, any extension can invoke a content script (which does not require any special permissions) and issue commands to the Claude extension.\u201d<\/p>\n<p>Gispan said he was able to execute any prompt he wanted, blow through Claude\u2019s safety guardrails, evade user confirmation and perform cross-site actions across multiple Google tools. As a proof of concept, LayerX was able to exploit the flaw to extract files from Google Drive folders and share them with unauthorized parties, surveil recent email activity and send emails on behalf of a user, and pilfer private source code from a connected GitHub repository.<\/p>\n<p>The vulnerability \u201ceffectively breaks Chrome\u2019s extension security\u201d by creating \u201ca privilege escalation primitive across extensions, something Chrome\u2019s security model is explicitly designed to prevent,\u201d Gispan wrote.<\/p>\n<p>A graphic depicting how a vulnerability exploits the trust boundaries in Clade Chrome\u2019s extension. (Source: LayerX)<\/p>\n<p>Claude relies on text, user interface semantics, and interpretation of screenshots to make decisions, all things that an attacker can control on the input side. The researchers modified Claude\u2019s user interface to remove labels and indicators around sensitive information, like&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/claude-chrome-extension-allows-plugins-to-hijack-ai\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Flaw in Claude\u2019s Chrome extension allowed \u2018any\u2019 other plugin to hijack victims\u2019 AI https:\/\/cyberscoop.com\/claude-chrome-extension-allows-plugins-to-hijack-ai\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":243521,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/05\/Screenshot-2026-05-08-at-8.47.41-AM.png?w=1024","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,31,17,27],"class_list":["post-243520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-exploit","tag-llm","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243520"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243520"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243520\/revisions"}],"predecessor-version":[{"id":243522,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243520\/revisions\/243522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243521"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}