{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicgyvsdsyzrei5drk724lfgnq4umq46w3bce7ytjbr4yrqrz7gsyi",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mhy5wnvqix32"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreib4j2tfn7dtqnaivsdqlr7nhmrrdcehxdsyjf6ggts7ngixoyd52i"
    },
    "mimeType": "image/jpeg",
    "size": 98490
  },
  "path": "/2026/03/claude-extension-flaw-enabled-zero.html",
  "publishedAt": "2026-03-26T13:11:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.\nThe flaw \"allowed any website to silently inject prompts into that assistant as if the user wrote them,\" Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. \"No clicks, no",
  "title": "Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website"
}