The Hacker News
@thehackernews
⚠️ A flaw in Claude’s Chrome extension let attackers inject prompts by just visiting a page.
No clicks. A hidden iframe + XSS chain made the extension treat attacker input as real user commands, enabling data theft and actions like sending emails.
�� How the silent prompt injection worked → https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html
No clicks. A hidden iframe + XSS chain made the extension treat attacker input as real user commands, enabling data theft and actions like sending emails.
�� How the silent prompt injection worked → https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html
👍 11
🤯 6
🔥 2
😁 2
52 9.5K
Обсуждение 0
Обсуждение не доступно в веб-версии. Чтобы написать комментарий, перейдите в приложение Telegram.
Обсудить в Telegram