ADVERTISEMENT

Anthropic releases fix for severe Claude Chrome extension flaw – researcher hacks patch in 3 hours

Anthropic has released only a partial fix for a flaw in Claude Code's Chrome extension – allowing any browser extension to hijack the AI assistant and act as the user – and researchers say they hacked the patch in just 3 hours.

Claude browser extension

Claude in Chrome browser extension. Image by Anthropic

Stefanie Schappert
Stefanie Schappert Senior Journalist
May 8, 2026 Updated: 8 May 2026 3 min read
Key takeaways:
Anthropic
Anthropic’s Claude Chrome extension is still in beta. Image by gguy | Shutterstock

Any extension could hijack Claude actions

Claude Chrome Extension flaw 1
LayerX shows how the Claude Chrome extension trust boundary could be abused. Image by LayerX

Researcher bypasses Anthropic’s fix in hours

Claude Code Chrome browser
Claude in Chrome lets users test code directly in the browser Image by Anthropic
ADVERTISEMENT
Claude Chrome Extension flaw 2
LayerX shows how approval checks could be bypassed through privileged mode. Image by LayerX

AI agent flaw opens “severe” attack path

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
  • Introduce extension-to-page authentication tokens, such as signed requests
  • Restrict externally_connectable to trusted extension IDs instead of origins
  • Bind user approvals to specific actions, one-time tokens, and non-replayable flows

ADVERTISEMENT