Claude Chrome synthetic click security flaw
Vulnerability
Summary
Hide ▲
Show ▼
A flaw in Anthropic's Claude for Chrome browser extension lets a malicious extension simulate trusted clicks and trigger predefined AI workflows, creating abuse risk for connected services such as Gmail, Google Docs, Google Calendar, and Salesforce. The weakness is that the extension failed to check Event.isTrusted before executing a built-in task, so JavaScript-generated click events were treated like real user input. Manifold Security says the issue remains reproducible in version 1.0.80, which means the exposed workflow path is still present in the current release.
Related Happenings
Claude Chrome forged-click and skipPermissions security flaw
Vulnerability
H score35
First: 14.07.2026 20:27
Last: 14.07.2026 20:27
Sources 1
About this happening:
Claude for Chrome still accepts synthetic clicks on its onboarding button, letting a rogue extension trigger allowlisted tasks for Gmail, Google Docs, and Calendar...
Claude Chrome forged-click and skipPermissions security flaw
VulnerabilityAbout this happening: Claude for Chrome still accepts synthetic clicks on its onboarding button, letting a rogue extension trigger allowlisted tasks for Gmail, Google Docs, and Calendar...
OpenAI ChatGPT Atlas BioShocking fix
Advisory/Mitigation
H score34
First: 01.07.2026 00:50
Last: 01.07.2026 00:50
Sources 1
About this happening:
OpenAI delivered a working fix for BioShocking in ChatGPT Atlas, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and c...
OpenAI ChatGPT Atlas BioShocking fix
Advisory/MitigationAbout this happening: OpenAI delivered a working fix for BioShocking in ChatGPT Atlas, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and c...
LayerX BioShocking prompt injection against agentic browsers
Technical Analysis
H score30
First: 24.06.2026 19:05
Last: 24.06.2026 19:05
Sources 1
About this happening:
Researchers demonstrated BioShocking, a prompt-injection technique that pushed six agentic browsers and plugins past guardrails and made them copy login credentials fo...
LayerX BioShocking prompt injection against agentic browsers
Technical AnalysisAbout this happening: Researchers demonstrated BioShocking, a prompt-injection technique that pushed six agentic browsers and plugins past guardrails and made them copy login credentials fo...
QuickLens - Search Screen with Google Lens hit by network compromise
Incident
H score57
First: 28.02.2026 21:18
Last: 28.02.2026 21:18
Sources 1
About this happening:
The QuickLens - Search Screen with Google Lens Chrome extension was compromised and used to push malware to about 7,000 users, creating risk of credential theft*...
QuickLens - Search Screen with Google Lens hit by network compromise
IncidentAbout this happening: The QuickLens - Search Screen with Google Lens Chrome extension was compromised and used to push malware to about 7,000 users, creating risk of credential theft*...
AiFrame malicious Chrome extension spraying operation
Malware Activity
H score16
First: 13.02.2026 13:25
Last: 13.02.2026 13:25
Sources 1
About this happening:
The AiFrame operation spread fake Chrome AI assistants that delivered malicious extensions, putting over 260,000 Google Chrome users at risk of credential theft, e...
AiFrame malicious Chrome extension spraying operation
Malware ActivityAbout this happening: The AiFrame operation spread fake Chrome AI assistants that delivered malicious extensions, putting over 260,000 Google Chrome users at risk of credential theft, e...
Timeline
-
16.07.2026 22:26 2 articles · 1h ago
Claude for Chrome 1.0.80 still accepts synthetic clicks
Technical Analysis UpdateClaude for Chrome version 1.0.80, released July 7, still reproduced the synthetic-click trust bypass: the extension accepted JavaScript-generated click events without checking Event.isTrusted before launching predefined workflows. A malicious extension on claude.ai could inject a page element and synthesize the click, allowing Claude to act on connected services such as Gmail, Google Docs, Google Calendar, and Salesforce.
Show sources
- Claude Chrome extension flaw lets malicious extensions trigger AI actions — www.bleepingcomputer.com — 16.07.2026 22:26
- Claude Chrome extension flaw lets malicious extensions trigger AI actions — www.bleepingcomputer.com — 16.07.2026 22:26
-
16.07.2026 22:26 1 articles · 1h ago
Anthropic receives the synthetic-click and skipPermissions reports
Initial DisclosureResearchers reported both findings to Anthropic through the company's bug bounty program. Anthropic acknowledged the reports, closed the synthetic-click finding as a broader issue it was already tracking, and classified the internal skipPermissions=true parameter issue as informational.
Show sources
- Claude Chrome extension flaw lets malicious extensions trigger AI actions — www.bleepingcomputer.com — 16.07.2026 22:26