Key Findings LayerX researchers discovered ClaudeBleed, a critical vulnerability in Claude's Chrome extension that allows any other browser extension to take full control of the AI assistant The flaw stems from improper message source verification, allowing malicious scripts to issue commands to Claude without user knowledge or consent Attackers can extract files from Google Drive, read private emails, send messages on behalf of users, and access GitHub repositories Anthropic