Security
Claude Chrome Extension Zero-Click Prompt Injection via Any Website.
Koi Security researcher Oren Yomtov discovered a vulnerability chain codenamed ShadowPrompt: an overly permissive *.claude.ai origin allowlist in the extension, combined with a DOM-based XSS …