A security loophole with alarming implications has been uncovered, leaving Anthropic's Claude Desktop extensions exposed to potential web-based prompt injection attacks. Your digital assistant, a gateway to your secrets?
Koi Security researchers revealed that three of Anthropic's official extensions for Claude Desktop were susceptible to this threat. The vulnerabilities, reported via Anthropic's HackerOne program and rated high severity, impacted the Chrome, iMessage, and Apple Notes connectors. These extensions, available on Anthropic's marketplace, are designed to enable Claude, the powerful LLM, to interact with web services and applications on the user's behalf.
What sets these extensions apart is their unsandboxed execution with full system permissions. Unlike typical browser extensions, they run without restrictions, allowing them to access files, execute commands, and modify system settings. This makes them potent tools, but also introduces risks.
Here's the twist: Due to unsanitized command injection, a seemingly innocent query to Claude could become a vector for remote code execution (RCE). Malicious actors could craft content that tricks Claude into executing harmful commands, believing it's following user instructions. This could lead to the exposure of sensitive data, including SSH keys, AWS credentials, and browser passwords.
Anthropic swiftly addressed these vulnerabilities in version 0.1.9, which was confirmed by Koi Security. But the question remains: In the pursuit of convenience, how much trust should we place in these AI assistants? Share your thoughts below!
