<![CDATA[So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it?]]>So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? Cool cool cool.

Yeah, don't let this one in.

https://layerxsecurity.com/blog/a-flaw-in-claudes-browser-extension-allows-any-extension-to-hijack-it/

]]>https://forum.fedi.dk/topic/f713341d-479e-42e5-8fd5-9861be227906/so-the-claude-extension-allows-any-other-extension-to-inject-javascript-into-claude.ai-and-run-itRSS for NodeThu, 14 May 2026 03:41:01 GMTFri, 08 May 2026 13:22:02 GMT60<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 16:39:15 GMT]]>@mttaggart

2001: I'm afraid I can't do that...

2026: I'm afraid I *can* do that!

"AI"... Service with a smile!

]]>https://forum.fedi.dk/post/https://masto.hackers.town/users/float13/statuses/116539939581177322https://forum.fedi.dk/post/https://masto.hackers.town/users/float13/statuses/116539939581177322Fri, 08 May 2026 16:39:15 GMT<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 16:36:51 GMT]]>@mttaggart Working as intended.

]]>https://forum.fedi.dk/post/https://masto.hackers.town/users/drwho/statuses/116539930124053650https://forum.fedi.dk/post/https://masto.hackers.town/users/drwho/statuses/116539930124053650Fri, 08 May 2026 16:36:51 GMT<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 16:03:37 GMT]]>@mttaggart browser extension development and security practices writ large are stuck in 1995 I stg

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/lapt0r/statuses/116539799477796006https://forum.fedi.dk/post/https://infosec.exchange/users/lapt0r/statuses/116539799477796006Fri, 08 May 2026 16:03:37 GMT<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 15:56:59 GMT]]>@mttaggart VANILLA is good. No external dependencies should be pressed a little bit harder. And... it would be great to have that packaged in a single file. Try telling these 'Claudes' to do it that way.

]]>https://forum.fedi.dk/post/https://mastodon.social/users/dckim/statuses/116539773387374294https://forum.fedi.dk/post/https://mastodon.social/users/dckim/statuses/116539773387374294Fri, 08 May 2026 15:56:59 GMT<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 15:13:50 GMT]]>@mttaggart this is why Anthropic needs to make Mythos available, so companies like Anthropic can catch these bugs!

]]>https://forum.fedi.dk/post/https://mspsocial.net/users/tonyangelo/statuses/116539603724181198https://forum.fedi.dk/post/https://mspsocial.net/users/tonyangelo/statuses/116539603724181198Fri, 08 May 2026 15:13:50 GMT<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 15:07:08 GMT]]>@mttaggart ugh, why do they have to have ai generated blog posts.

]]>https://forum.fedi.dk/post/https://tech.lgbt/users/Kroppeb/statuses/116539577386879922https://forum.fedi.dk/post/https://tech.lgbt/users/Kroppeb/statuses/116539577386879922Fri, 08 May 2026 15:07:08 GMT<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 14:57:27 GMT]]>@mttaggart The "s" in Anthropic stands for security

]]>https://forum.fedi.dk/post/https://tldr.nettime.org/users/tante/statuses/116539539262381084https://forum.fedi.dk/post/https://tldr.nettime.org/users/tante/statuses/116539539262381084Fri, 08 May 2026 14:57:27 GMT<![CDATA[Reply to So the Claude extension allows any other extension to inject JavaScript into claude.ai and run it? on Fri, 08 May 2026 13:25:59 GMT]]>@mttaggart wow it's so weird how when you increase "productivity" manyfold without paying actual humans to take the time to make it happen, you get all these explosive issues and vulnerabilities

]]>https://forum.fedi.dk/post/https://wetdry.world/users/matildalove/statuses/116539179624014010https://forum.fedi.dk/post/https://wetdry.world/users/matildalove/statuses/116539179624014010Fri, 08 May 2026 13:25:59 GMT