Anthropic Says ‘Vulnerabilities Need Fixing’ for Claude for Chrome Before Public Launch
Anthropic has announced that it is piloting a new feature called Claude for Chrome, available to 1,000 Max plan users. This feature provides a browser extension that enables Claude to view webpages, click buttons and fill out forms within Google Chrome.
However, the company said that “some vulnerabilities remain to be fixed before we can make Claude for Chrome generally available.”
Anthropic has identified serious risks from prompt injection attacks, where malicious actors embed hidden instructions in websites to trick AI models into harmful actions.
Anthropic conducted extensive testing across 123 test cases, representing 29 different attack scenarios. Without safety measures, Claude for Chrome showed a 23.6% attack success rate when targeted by malicious actors.
One documented attack involved a fake security email instructing Claude to delete emails for “mailbox hygiene” purposes. “Claude followed these instructions to delete the user’s emails without confirmation,” the company revealed, though they noted their new defences now successfully block this specific attack.
Anthropic has implemented several protective measures, including site-level permissions that allow users to control which websites Claude can access, as well as action confirmations before high-risk activities such as purchases or data sharing. “We’ve begun to build and test advanced classifiers to detect suspicious instruction patterns and unusual data access requests—even when they arise in seemingly legitimate contexts,” Anthropic said.
These measures lowered the attack success rate from 23.6% to 11.2% in autonomous mode.
For browser-specific attacks such as hidden malicious form fields, the company achieved complete protection, dropping success rates “from 35.7% to 0%” across a challenge set of four attack types.
“Before we make Claude for Chrome more widely available, we want to expand the universe of attacks we’re thinking about and learn how to get these percentages much closer to zero by understanding more about the current threats as well as those that might appear in the future,” the company added.
Anthropic is looking for trusted testers for the pilot program who are comfortable with Claude taking actions in Chrome on their behalf and do not have setups that are safety-critical or otherwise sensitive.
If interested, participants can join the Claude for Chrome research preview waitlist at claude.ai/chrome.
That said, the features introduced by Anthropic’s Claude for Chrome will directly compete with Perplexity’s Comet and OpenAI’s ChatGPT Agent Mode. The comparison will become clearer in the near future after the reviews arrive.
The post Anthropic Says ‘Vulnerabilities Need Fixing’ for Claude for Chrome Before Public Launch appeared first on Analytics India Magazine.
