Vulnerability in Claude Chrome Extension Exposes Users to Zero-Click Attacks
A critical vulnerability known as ShadowPrompt has been identified in the Claude Google Chrome Extension, developed by Anthropic, which could enable attackers to manipulate the AI assistant without any user engagement. Koi Security researcher Oren Yomtov discovered this issue, which chains a permissive origin allowlist and a DOM-based cross-site scripting (XSS) flaw, posing significant risks to users.
The ShadowPrompt vulnerability leverages an overly permissive allowlist allowing any subdomain under *.claude.ai to submit prompts to the Claude assistant. The secondary component, a DOM-based XSS in an Arkose Labs CAPTCHA element, allows arbitrary JavaScript execution, making it possible for attackers to craft prompts that the extension would process as genuine user requests. This architectural oversight facilitates the embedding of the vulnerable component within a hidden iframe on malicious sites, facilitating the unauthorized execution of commands without any user consent.
This zero-click attack method marks a significant escalation in the threat landscape as it circumvents typical user defenses. The attacker exploits the trust the extension places in its origin, allowing them to gain control over the browser context and manipulate user interactions covertly. The potential consequences of such exploitation are alarming. Attackers could steal sensitive data, access the user’s conversations, or impersonate the victim to engage in unauthorized activities.
Defensive Context
Organizations using the Claude Chrome Extension should be particularly vigilant. Users in environments where sensitive data processing or communication occurs should view this vulnerability as a high priority. Conversely, users not engaged with sensitive tasks may find the risk lower but still noteworthy due to the potential for broader exploitation.
Why This Matters
The implications of ShadowPrompt are severe, especially for those relying on the Claude extension for handling sensitive conversations. Organizations must recognize that risks related to browser extensions are often underestimated, and given the nature of this vulnerability, targeted phishing attacks that utilize it could become a prevalent threat.
Defender Considerations
Defenders should prioritize the immediate update of the Claude extension to version 1.0.41, which enforces stricter origin checks. Awareness and training for users regarding the existence of such vulnerabilities will be crucial to preemptively mitigate risks associated with browser extensions.
Environment Exposure
This vulnerability is particularly relevant for users of the Claude Chrome Extension who interact with sensitive information. Exploitation could occur through compromised web pages or social engineering tactics intended to redirect victims to malicious sites. However, environments that do not utilize this extension may not be affected.
Indicators of Compromise (IoCs)
While no concrete IoCs like IP addresses or domains were detailed in the article, being aware of the extension’s version and associated components can guide defenses against potential exploitation avenues.
