GoPlus: Claude Chrome versions below 1.0.41 contain a high-risk vulnerability; immediate upgrade is recommended.

CoinFeed reported on March 27th that, according to GoPlus monitoring, the Anthropic Claude Chrome extension contains a high-risk prompt injection vulnerability, affecting versions lower than 1.0.41. Attackers can hijack the Claude plugin through malicious web pages, using a subdomain trust whitelist to send malicious prompts to the extension and execute them automatically. This could allow attackers to read Google Drive documents, steal business tokens, export chat logs, and even impersonate users to perform sensitive operations without the user's knowledge. Users are advised to update the extension to version 1.0.41 or later and to be wary of unknown links.