Full Report
On December 18, 2025, Anthropic released the beta version of its Claude Chrome extension, a tool that lets the AI browse and interact with websites on your behalf. While convenient, a new analysis from Zenity Labs shows it introduces a serious set of security risks that traditional web protections weren’t designed to handle. Web security has mostly…
Analysis Summary
# Vulnerability: Persistent Access and Identity Inheritance in Claude Chrome Extension
## CVE Details
- CVE ID: N/A (This report describes a risk analysis from Zenity Labs, not an officially assigned CVE at the time of the article.)
- CVSS Score: N/A
- CWE: N/A (Risk stems from architectural design rather than a standard software defect.)
## Affected Systems
- Products: Anthropic Claude Chrome Extension (Beta Version)
- Versions: Beta released on December 18, 2025. Specific vulnerable builds are not detailed.
- Configurations: Any configuration where the extension remains logged in and active.
## Vulnerability Description
The Claude Chrome extension, designed to allow the AI to browse and interact with websites on the user's behalf, suffers from a critical architectural issue: **it stays logged in at all times with no user-configurable option to disable this persistent authentication state.**
Because the extension inherits the user's current digital identity session via the browser context, the AI gains continuous, active access to all authenticated resources the user is signed into (e.g., Google Drive, Slack, private banking/email accounts). The AI can act upon these resources without explicit, real-time user input or confirmation, effectively inheriting the user's access privileges indefinitely.
## Exploitation
- Status: The article describes the *risk* identified by Zenity Labs (Raul Klugman-Onitza and João Donato). Exploitation by an external attacker is **not officially confirmed; no separate proof of concept is described, because the behaviour is inherent in the extension's design rather than in a distinct software defect.**
- Complexity: **Low to Medium** (Requires interaction with the extension's capabilities, but the mechanism for unauthorized action is built-in.)
- Attack Vector: **Adjacent** (An attacker would need to influence the prompts the AI acts on, or leverage an underlying zero-day/n-day vulnerability in the browser or extension context, in order to make use of the inherited authenticated session.)
## Impact
- Confidentiality: **High** (Potential disclosure of data accessed via any authenticated session inherited by Claude, such as documents in Google Drive or private messages.)
- Integrity: **High** (Potential for unauthorized actions, modifications, or deletions within connected services.)
- Availability: **Low to Medium** (Dependent on the nature of the service being compromised, but not a direct Denial of Service risk.)
## Remediation
### Patches
- [No official patches or version updates were listed in the provided context.]
### Workarounds
- **Disable/Uninstall the Extension:** The primary immediate mitigation is to uninstall the Claude Chrome Extension or disable it entirely within the browser settings to sever the continuous link to the user's authenticated identity.
- **Session Management Review:** Where possible, users should run the extension in a separate browser profile that is used only for non-sensitive tasks and holds no logins to sensitive services; note, however, that the report indicates the extension keeps its own session state logged in regardless.
## Detection
- [No specific IOCs were provided.]
- **Detection methods and tools:** Monitoring network traffic from the extension process for requests to highly sensitive internal application APIs may offer some detection, but genuinely proactive mitigation depends on the vendor changing the persistent login mechanism.
## References
- Zenity Labs Analysis: labs[.]zenity[.]io/p/claude-in-chrome-a-threat-analysis (defanged)
- Vendor Advisory: None provided in the source.