Claude Chrome Extension Vulnerability: A Security Lesson for Every AI User

In late 2025, a significant security flaw in Anthropic’s Claude Chrome Extension, known as ShadowPrompt, was discovered by Oren Yomtov of Koi Security. This vulnerability allowed malicious websites to hijack the AI assistant without user interaction, exploiting two overlooked security issues: a permissive trusted-domain setting and an outdated CAPTCHA component vulnerable to cross-site scripting (XSS). Attackers could issue commands to Claude, leading to unauthorized access to emails and files, highlighting the risks of integrating third-party code into trusted domains. The incident underscores the importance of rigorous security checks, especially with AI assistants that have deep access to users' digital environments. It also demonstrates how AI can both uncover vulnerabilities quickly and potentially be exploited in new, sophisticated cyber threats. Following the ShadowPrompt incident, another vulnerability, ClaudeBleed, was identified, emphasizing the need for stricter security protocols for browser-based AI applications, including comprehensive security regression testing and cross-origin communication validation to prevent similar exploits.