ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data

**Executive Summary:** LayerX disclosed a critical origin-based vulnerability ("ClaudeBleed") in the Claude for Chrome extension that can allow untrusted web scripts or malicious extensions to command the assistant to access Google Drive, read and summarize Gmail, send emails, and delete evidence; researchers demonstrated practical exploitation techniques (approval looping, DOM manipulation) and showed that Anthropic's patch can be bypassed by forcing a privileged mode, leaving users exposed.