Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Summary
A vulnerability called ShadowPrompt in Anthropic's Claude Chrome extension allowed attackers to inject malicious prompts (hidden instructions) into the AI without any user interaction by chaining two flaws: an overly permissive allowlist that trusted any subdomain matching *.claude.ai, and an XSS vulnerability (cross-site scripting, a flaw that lets an attacker run script in a trusted page) in an Arkose Labs CAPTCHA component. This zero-click attack could let attackers steal sensitive data, read conversation history, or perform actions such as sending emails on behalf of the victim.
Solution / Mitigation
Anthropic deployed a patch to the Chrome extension (version 1.0.41) that enforces a strict origin check requiring an exact match to the domain 'claude.ai' rather than accepting any subdomain. Additionally, Arkose Labs fixed the underlying XSS flaw as of February 19, 2026.
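To make the allowlist weakness and the fix concrete, the following is an added illustration written for this page; it is not the Claude extension's code, and the function names, message handler and sample origins are constructed. It contrasts a wildcard-style subdomain check with an exact-origin comparison of the kind the mitigation describes, and goes slightly beyond the page by also showing that a wrong scheme and a lookalike host are rejected by the strict check.

```javascript
// Added example: permissive "*.claude.ai" trust versus an exact-origin check.
// Not the extension's code; names and sample origins are constructed.

const TRUSTED_ORIGIN = "https://claude.ai"; // single allowed origin (scheme + host + port)

// Permissive check in the spirit of "*.claude.ai": the apex host and every
// subdomain are trusted. Any script running on any subdomain (for example via
// an XSS bug in a third-party component hosted there) therefore passes.
function isTrustedOriginPermissive(origin) {
  let url;
  try { url = new URL(origin); } catch { return false; } // unparsable origin: reject
  const host = url.hostname;
  return host === "claude.ai" || host.endsWith(".claude.ai");
}

// Strict check: compare the full serialized origin for exact equality.
// Subdomains, a different scheme and lookalike hosts all fail.
function isTrustedOriginStrict(origin) {
  let url;
  try { url = new URL(origin); } catch { return false; }
  return url.origin === TRUSTED_ORIGIN;
}

// Constructed sample origins a message-receiving extension might see.
const SAMPLE_ORIGINS = [
  "https://claude.ai",                  // the real app origin
  "https://some-subdomain.claude.ai",   // constructed: a subdomain serving third-party code
  "http://claude.ai",                   // constructed: right host, wrong scheme
  "https://claude.ai.attacker.example", // constructed: lookalike host
  "not a url",                          // constructed: garbage input
];

// Evaluate both checks against every sample origin.
function compareChecks(origins = SAMPLE_ORIGINS) {
  return origins.map((o) => ({
    origin: o,
    permissive: isTrustedOriginPermissive(o),
    strict: isTrustedOriginStrict(o),
  }));
}

// Constructed message handler showing where the strict check belongs:
// at the trust boundary, before any data from the sender is acted on.
function handleMessage(event) {
  if (!isTrustedOriginStrict(event.origin)) return null; // drop untrusted senders
  return event.data;
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(compareChecks());
}
```

Running the block prints a table in which the subdomain origin is accepted by the permissive check but rejected by the strict one; the scheme mismatch and the lookalike host are rejected by the strict check as well.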
Original source: https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html
First tracked: March 26, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%