Claude in Chrome is taking orders from the wrong extensions
Summary
Claude in Chrome, Anthropic's browser extension, has a bug called ClaudeBleed that allows malicious extensions to hijack it and trick it into performing unauthorized actions like stealing files, sending emails, or stealing code from private repositories. The vulnerability exists because the extension trusts any script running on the claude.ai origin without checking who is actually running it, which breaks Chrome's normal security model. Anthropic released a partial fix in version 1.0.70 on May 6, but researchers found the vulnerability can still be exploited by switching the extension to privileged mode.
Solution / Mitigation
Anthropic released version 1.0.70 on May 6 with added security checks that prevent extensions from executing remote commands in standard mode. The company also stated that 'a fix that removes the affected message handler has been merged and will ship in an upcoming extension release,' though the source notes this promised fix did not fully materialize in version 1.0.70.
Original source: https://www.csoonline.com/article/4168867/claude-in-chrome-is-taking-orders-from-the-wrong-extensions.html
First tracked: May 8, 2026 at 08:00 AM