Claude Chrome Extension Zero‑Click Prompt Injection Vulnerability Affects AI Assistant Users
What Happened — Researchers at Koi Security uncovered a zero‑click cross‑site scripting (XSS) flaw in Anthropic’s Claude Google Chrome extension. The vulnerability allows any website a visitor loads to silently inject arbitrary prompts into the Claude assistant, causing the AI to execute malicious instructions without any user interaction.
Why It Matters for TPRM
- Attackers can manipulate AI‑generated content, potentially steering downstream business processes that rely on Claude’s outputs.
- Prompt injection can be used to exfiltrate sensitive data entered into the assistant or to trigger actions on integrated SaaS tools.
- The flaw is exploitable on any device with the extension installed, expanding the attack surface across multiple business units.
Who Is Affected — Technology‑SaaS providers, enterprises that embed Claude into internal workflows, and any organization that permits employees to install browser extensions (e.g., finance, healthcare, and professional services).
Recommended Actions
- Immediately disable or uninstall the Claude Chrome extension on all corporate devices.
- Apply any patches released by Anthropic as soon as they become available.
- Review browser extension policies and enforce least‑privilege controls for third‑party add‑ons.
- Monitor for anomalous Claude prompt activity and audit logs for unexpected AI responses.
Technical Notes — The flaw is a zero‑click XSS prompt injection triggered by crafted web content, bypassing user interaction. No CVE has been assigned yet, but the vulnerability is classified as a high‑severity client‑side code execution issue. Affected data includes any user‑provided prompts, which may contain proprietary or personal information. Source: The Hacker News