All news

browser extension

(1 article)
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

March 26, 2026

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

A flaw in the Claude browser extension allowed zero-click XSS prompt injection from any website, putting AI-assisted sessions at serious risk.