AA

New.

Koi: ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-extension

More:

The Hacker News: Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html @thehackernews #infosec #Claude #Anthropic #vulnerability #Chrome #Google #threatresearch

ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension

We found a vulnerability in Claude's Chrome Extension that let any website silently inject prompts into your AI-powered browser session. By chaining a wildcard origin allowlist with a DOM-based XSS in a CAPTCHA subdomain, an attacker could steal credentials, read your email, and act as you - all from an invisible iframe.

Mar 26 at 3:33pmWeb