March 26, 2026
A flaw in the Claude browser extension allowed zero-click XSS prompt injection from any website, putting AI-assisted sessions at serious risk.
