# Claude for Chrome Vulnerabilities Expose Sensitive Google Data to Extensions

*Published July 15, 2026*
*Source: [https://www.securityweek.com/unpatched-claude-for-chrome-flaw-lets-extensions-read-gmail-calendar/](https://www.securityweek.com/unpatched-claude-for-chrome-flaw-lets-extensions-read-gmail-calendar/)*

## Executive Summary

Manifold has uncovered vulnerabilities in Claude for Chrome that allow extensions to access Gmail and other Google services without user consent, which remain unpatched despite multiple updates. These flaws pose a significant risk to user data security, highlighting the need for immediate action from Anthropic.

## Article

Security researchers from Manifold have identified two critical vulnerabilities in the Claude for Chrome extension developed by Anthropic, which remain unpatched in its latest version. These vulnerabilities allow malicious browser extensions to trigger actions on behalf of users without their explicit consent, potentially granting attackers unauthorized access to Gmail, Google Docs, and calendar entries. The root of the problem lies in a previous fix for a similar vulnerability, ClaudeBleed, which was intended to limit external webpage interactions to a predefined set of tasks. However, Manifold discovered that the mechanism does not adequately verify if a user-initiated click is genuine, allowing other extensions to mimic interactions and initiate processes. 

In its default configuration, the extension prompts users for confirmation before executing sensitive actions. However, users who have enabled the more autonomous 'Act without asking' mode could be at risk of having actions executed without any alert. Manifold also highlighted a structural flaw that allows the side panel of the extension to bypass confirmation based on parameters within its URL, although this is currently not exploitable by external attackers. This design flaw poses a potential risk if future vulnerabilities allow external scripts to manipulate the URL and gain silent control over user accounts.

The issues were reported to Anthropic on May 21, but subsequent updates, including version 1.0.80, have not addressed these vulnerabilities. Despite repeated releases since the initial vulnerability disclosure, the flaws remain, raising concerns about the security of user data managed through the Claude for Chrome extension. Anthropic has been contacted for comment but has yet to respond.
