Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar
Summary
Two unpatched security flaws in Claude for Chrome (Anthropic's browser extension that can take actions on a user's behalf) allow a malicious extension to trick Claude into reading Gmail, Google Docs, and calendar data without real user approval. The vulnerabilities bypass the extension's safety checks by faking user clicks and can operate silently if the user has enabled the extension's autonomous mode ('Act without asking'), and researchers say this remains exploitable in the latest version 1.0.80.
Classification
Affected Vendors
Related Issues
Original source: https://www.securityweek.com/unpatched-claude-for-chrome-flaw-lets-extensions-read-gmail-calendar/
First tracked: July 14, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%