Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI

ID: 813e7913-9ac9-5d4a-adff-4ba0acf37184

STIX ID: report--813e7913-9ac9-5d4a-adff-4ba0acf37184

Feed Name: CyberScoop

Threat Score: 75/100

Date Published: 2026-05-08

Date Updated: 2026-05-22

Author: djohnson

The report describes a serious security flaw in Anthropic’s Claude Chrome extension discovered by LayerX: an extension API allowed unverified scripts and other extensions to send hidden instructions to the Claude agent, enabling privilege escalation across extensions. Researchers demonstrated proof-of-concept attacks that bypassed safety guardrails to exfiltrate Google Drive files, read and send Gmail messages, and access private GitHub repositories. LayerX disclosed the issue to Anthropic, which issued a partial fix, but researchers reported remaining scenarios where the agent could still be hijacked.
