CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Prompt Injection Vulnerabilities in Anthropic's Claude Desktop Extensions

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The affected extensions are the Chrome, iMessage, and Apple Notes connectors. These extensions run unsandboxed with full system permissions, allowing for potential remote code execution (RCE) if exploited. The vulnerabilities were reported through Anthropic's HackerOne program on July 3 and verified as high severity (CVSS 8.9). The issue arises from unsanitized command injection, which could enable malicious actors to execute commands on a user's device. The extensions are packaged as Model Context Protocol (MCP) servers and allow Claude, the underlying large language model (LLM), to act on behalf of the user. The vulnerabilities could lead to the theft of sensitive information, including SSH keys, AWS credentials, and browser passwords.

Timeline

  1. 05.11.2025 12:30 1 articles · 5d ago

    Prompt Injection Vulnerabilities in Anthropic's Claude Desktop Extensions Disclosed

    Researchers at Koi Security discovered that three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The affected extensions are the Chrome, iMessage, and Apple Notes connectors. These extensions run unsandboxed with full system permissions, allowing for potential remote code execution (RCE) if exploited. The vulnerabilities were reported through Anthropic's HackerOne program on July 3 and verified as high severity (CVSS 8.9). The issue arises from unsanitized command injection, which could enable malicious actors to execute commands on a user's device and steal sensitive information.

    Show sources
    Open in new tab

Information Snippets