{"data":{"id":"5744eae9-b8e3-47dc-8b93-d259ad001f4a","title":"Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar","summary":"Two unpatched security flaws in Claude for Chrome (Anthropic's browser extension that can take actions on a user's behalf) allow a malicious extension to trick Claude into reading Gmail, Google Docs, and calendar data without real user approval. The vulnerabilities bypass the extension's safety checks by faking user clicks and can operate silently if the user has enabled the extension's autonomous mode ('Act without asking'), and researchers say this remains exploitable in the latest version 1.0.80.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.securityweek.com/unpatched-claude-for-chrome-flaw-lets-extensions-read-gmail-calendar/","publishedAt":"2026-07-14T13:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude for Chrome","Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-14T13:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}