Tech Made Simple

Hot Topics: All Roku Players Compared | Best iPad Keyboard Cases | The Best Open Ear Earbuds of 2026

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

A Claude for Chrome flaw lets rogue extensions read your Gmail

by Suzanne Kantra on July 16, 2026

A screenshot of the Claude browser extension showing results for a search for restaurants near 100 Center St. in NYC.

Screenshot via Suzanne Kantra/Techlicious, laptop mockup via Canva

Anthropic's Claude for Chrome, a browser extension that lets the Claude AI assistant read a webpage and take actions like filling out forms or summarizing your inbox, has two unpatched security flaws that let a malicious browser extension trick it into handing over your Gmail, Google Docs, and Calendar data, according to security researchers at Manifold Security and reporting from SecurityWeek and The Hacker News.

Researchers reported both flaws to Anthropic in May. Neither has been fixed across eight versions released since, including the current version, 1.0.80, which shipped July 7.

The first flaw involves how Claude for Chrome listens for a user to click a specific onboarding button before it acts. That click handler never confirms the click actually came from a real person tapping the screen, so any other extension installed in your browser that can run code on claude.ai can fake that click with a few lines of JavaScript (the scripting language that runs inside web pages) and trigger Claude into carrying out a command as if you had asked for it yourself.

The second flaw lets an extension push Claude's side panel into what researchers describe as a privileged mode that skips normal permission checks, simply by loading a specific web address. Claude does show a warning banner once that mode activates, but by then the extension has already gained the access it wanted.

Put together, the two flaws mean a browser extension you already have installed, one with no connection to Anthropic, could read your Gmail messages, Google Docs files, and calendar entries without your knowledge, without you clicking anything or approving a single prompt.

Anthropic told researchers it reviewed both reports within a day, then closed them. The company's stated reasoning: the fake-click issue was already covered by a separate internal report, and the privileged-mode flaw couldn't be reached by anything outside Anthropic's own systems. Independent researchers dispute that second point, and both flaws remain reproducible in the current release as of this week.

If you use Claude for Chrome, the safest move right now is to check which other browser extensions you have installed and remove anything you don't recognize or actively use. The attack depends on a second malicious extension already sitting in your browser. Disabling Claude for Chrome entirely, or granting it access only when you're actively using it, removes the risk until Anthropic ships a fix.

Read next: Best antivirus software 2026: free and paid picks


Topics

News, Computers and Software, Internet & Networking, Computer Safety & Support, Blog, Privacy


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.