Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

2 hours ago [email protected] (The Hacker News)
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website


Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.
The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. “No clicks, no

The post “Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: , , ,

More Stories

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

4 hours ago [email protected] (The Hacker News)

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

4 hours ago [email protected] (The Hacker News)

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

9 hours ago [email protected] (The Hacker News)

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

22 hours ago [email protected] (The Hacker News)

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

1 day ago [email protected] (The Hacker News)

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

1 day ago [email protected] (The Hacker News)