HIGH
Prompt Injection Flaw in Claude Chrome Extension Allows AI Agent Takeover
Researchers found that lax extension permissions and improper trust implementation in Anthropic’s Claude Chrome extension allow attackers to inject malicious prompts into the AI agent. A compromised or malicious page visited through the browser can issue arbitrary instructions to Claude, potentially exfiltrating session data or performing unauthorized actions. This is a concrete, real-world instance of prompt injection at the browser-agent layer. Users of the Claude Chrome extension should update to the latest version; enterprise deployments should review agentic permission scopes and restrict extension access to trusted sites.