Rogue browser extensions can trigger Gmail reads through Claude for Chrome
The Hacker News·medium signal
Researchers disclosed a Claude for Chrome flaw allowing other installed extensions to trigger Gmail reads — an agent-in-the-browser trust boundary failure where the threat model must include sibling extensions, not just web pages. If you deploy browser-resident agents, enumerate what other locally installed software can reach the agent's message surface. Reported this month alongside a broader 'Claudy Day' cluster of Claude data-theft findings.