Cybersecurity researchers have publicly disclosed a critical vulnerability in Anthropic's Claude Google Chrome Extension that enabled malicious actors to silently inject prompts into the AI assistant simply by directing a user to a specially crafted web page. The flaw, uncovered by Koi Security researcher Oren Yomtov and reported to The Hacker News, required no user interaction beyond visiting the compromised site. 'The flaw allowed any website to silently inject prompts into that assistant as if the user wrote them,' Yomtov stated in the published report. 'No clicks, no interaction required.' The vulnerability is classified as a zero-click cross-site scripting (XSS) prompt injection attack, a class of exploit that weaponizes AI browser extensions by bypassing the boundary between web content and AI assistant commands. An attacker exploiting this flaw could theoretically manipulate Claude into performing actions on behalf of the user, exfiltrating data visible in the browser context, or issuing commands that the AI would execute under the assumption they originated from the legitimate user. The disclosure highlights growing concerns over the attack surface introduced by AI-integrated browser extensions, which sit at the intersection of trusted user sessions, live web content, and powerful AI execution capabilities. Anthropic has not yet issued a public statement on the timeline of the patch or the scope of potential exploitation prior to the fix. Security researchers have increasingly flagged prompt injection as one of the most significant emerging threat vectors as AI assistants gain deeper integration into browsers, enterprise software, and critical workflows. Source: https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html