> TritonInfoSec News
Home / Mar 27, 2026 / Story
0
#6 The Hacker News general March 26, 2026 at 13:11 UTC

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

By [email protected] (The Hacker News)

AI Summary

Researchers disclosed a vulnerability in Anthropic's Claude Chrome Extension that allowed any website to silently inject prompts into the AI assistant without user interaction. The zero-click XSS flaw enabled malicious prompt injection simply by visiting a compromised webpage.

Read full article → https://thehackernews.com/2026/03/claude-extension…

Relevance score: 82.0/100

# More from March 27

  1. 1
    CISA: New Langflow flaw actively exploited to hijack AI workflows BleepingComputer
  2. 2
    China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks The Hacker News
  3. 3
    Coruna iOS exploit framework linked to Triangulation attacks BleepingComputer
  4. 4
    Alleged RedLine malware developer extradited to US, faces up to 30 years The Record
  5. 5
    Russia arrests suspected owner of LeakBase cybercrime forum BleepingComputer
  6. 7
    UK sanctions Xinbi marketplace linked to Asian scam centers BleepingComputer
  7. 8
    Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware The Record
  8. 9
    WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites The Hacker News
  9. 10
    Google moves post-quantum encryption timeline up to 2029 CyberScoop