Browser-Security

The attack required no action from the victim. Visit a page. Leave. By the time the browser tab closed, the extension had already talked to Claude, exported chat history, read Gmail, and potentially sent an email under your name. Patched in Claude Chrome extension v1.0.41. Here is how the chain worked. The Attack Chain The Claude Chrome extension trusted any page on *.claude.ai to send it messages. That wildcard, every subdomain under claude.ai, is where the attack found its entry point. ...

You download a free PDF, a VS Code extension, a font pack. The file lands on your machine, and your background AI agent reads it. The file contains hidden instructions. The agent follows them. That is not a hypothetical. That is the exact threat model nobody is naming right now. OpenAI’s Codex runs silently on Mac while you work, learning from previous actions and picking up repeating tasks in parallel. Perplexity Personal Computer puts local agents on your machine with access to local files, native apps, and the web. Both ship with the premise that background access creates leverage. It does. It also creates exposure. These two things are not separable. ...