Critical Claude for Chrome Vulnerabilities Put Gmail, Docs, and Calendar Data at Risk
Leave a Comment / Cybersecurity, Data Protection, Enterprise Technology, Industry News / By cxojunction
Anthropic‘s Claude for Chrome browser extension has come under scrutiny after two unpatched security flaws were found to expose sensitive Google Workspace data. The discovery has intensified concerns over the growing access AI-powered browser tools have to users’ emails, documents, and calendars.

The issues were first disclosed by Manifold in May 2026 and remain reproducible in the latest v1.0.80, released on July 7, 2026. One weakness lies in Claude’s content script, which does not verify whether a click is genuinely user-initiated through the event.isTrusted check. This enables another browser extension with script access on claude.ai to simulate a click using just six lines of JavaScript and trigger one of nine built-in prompts without the user’s knowledge.
Among those prompts are actions that can read Gmail and interact with emails, including clicking unsubscribe links, open the latest Google Doc to view comments, and scan Google Calendar to create meetings. Users operating in the default “Ask before acting” mode will still receive an approval request, whereas those who have enabled “Act without asking” could have these tasks carried out silently. The severity of this behavior earned the bug a critical CVSS score of 9.6.
A separate architectural weakness allows Claude to enter a privileged, no-consent mode whenever it loads a URL containing ?skipPermissions=true, without requiring any user interaction. Although only the extension can currently generate this URL, Manifold warned that any future message handler flaw, XSS vulnerability, or regression enabling external code to construct it could provide silent access to connected Google services. Both findings map to the OWASP Top 10 for LLM Applications, specifically prompt injection (LLM01) and excessive agency (LLM06).
The incident highlights growing concerns over how AI browser extensions manage trust boundaries between third-party scripts and privileged actions. Although Manifold recommended validating event.isTrusted and removing URL-based privilege escalation, neither fix has been implemented. Anthropic acknowledged the reports, but researcher Ax Sharma confirmed on July 7 that the vulnerable code remains unchanged. The findings reinforce the need for stronger security controls and timely patching to better protect sensitive business and user data.
CXO Junction remains dedicated to providing you with exclusive insights into transformative leadership journeys. Stay tuned for more updates as we continue to bring industry news to you.
Source: Claude for Chrome Vulnerability Lets Attackers Read Gmail, Docs, and Calendar Data | Cyber Security News | https://cybersecuritynews.com/claude-for-chrome-vulnerability/
