A Bug in the Claude for Chrome Extension Has Survived Eight Fixes and Still Leaks Your Gmail

A flaw nicknamed 'ClaudeBleed' lets other browser extensions quietly read your email and calendar. After eight attempted patches, it apparently still works.

ThreatVectr Newsdesk· 3 min read
Full-frame edge-to-edge photoreal news-editorial image of a darkened secure data center corridor, server racks glowing pale blue on either side, a single open r
Share

Key points

  • A security flaw in the Claude for Chrome browser extension has resisted at least eight separate attempted fixes.
  • The bug, nicknamed 'ClaudeBleed', can allow other extensions installed in the same browser to read a user's Gmail messages and Google Calendar events.
  • The vulnerability exposes data belonging to anyone who has the Claude extension installed alongside other extensions in Google Chrome.
  • SecurityWeek first reported the persistence of the flaw across multiple patch attempts.

Anthropic's Claude for Chrome extension, a browser add-on that brings the Claude artificial intelligence assistant directly into your web browser, has a serious problem that its makers have not yet managed to close.

The flaw goes by the nickname 'ClaudeBleed'. In plain terms: it creates a gap that lets other extensions installed in the same browser quietly reach into Claude's memory and pull out data it has handled, including content from Gmail and Google Calendar.

Think of it like a filing cabinet with a broken lock. The filing cabinet is Claude. The other extensions are other people who share the same office. Most of them are trustworthy. But if one is not, and the lock is broken, they can open the drawer and read whatever is inside.

The failure mode here is that the extension does not properly wall off the information it holds from other extensions running alongside it. Browser extensions are supposed to be isolated from each other. This one is not.

Should ordinary users be worried?

Yes, in a limited but real way. You are at risk if you have the Claude for Chrome extension installed and you also have other extensions in Chrome, especially ones from unfamiliar developers or sources outside the official Chrome Web Store.

The good news is that a random website cannot trigger this. The bad news is that a malicious extension, perhaps a free tool for PDF conversion or coupon-finding that quietly misbehaves, could sit in your browser and use this flaw to read emails you have opened while Claude was active.

In practice, most people do not audit their browser extensions regularly. One thing the post-mortem will say, when Anthropic eventually publishes one, is that extension isolation was treated as a browser problem rather than an application problem. It is both.

Eight patches have come and gone. The flaw persists. That is not a good number.

If you use the Claude for Chrome extension, the safest immediate step is to disable or remove it until a confirmed fix lands. Also take five minutes to open your browser's extension list and remove anything you do not recognise or actively use. Fewer extensions means a smaller attack surface, which is the kind of sentence that sounds obvious and is almost never acted on.

Watch your Google account for unfamiliar activity, and consider enabling Google's Advanced Protection Program if you handle sensitive information regularly.

Operational takeaway: audit your browser extensions the same way you audit software on a server, because in 2025 they are running with similar access to your data.

© 2026 Threat Vectr