Google Pushes High-Risk Chrome Update for 3.5 Billion Users, ShadowPrompt Flaw Hits Claude Extension

Google has released an urgent security update for Chrome, patching eight high-risk vulnerabilities affecting its 3.5 billion users. The update addresses multiple memory safety and rendering engine flaws that could allow remote code execution through crafted web pages.

Separately, a vulnerability dubbed “ShadowPrompt” was publicly disclosed in Anthropic’s Claude browser extension for Chrome. The flaw allows malicious websites to silently inject prompts into Claude conversations, potentially exfiltrating sensitive data or manipulating AI-generated responses without the user’s knowledge.

Sources: Forbes

Why This Matters

The Chrome patches are standard fare for severity but notable for volume — eight high-risk issues in one batch. The ShadowPrompt disclosure is more interesting: as AI assistants become embedded in browsers, they create a new attack surface that traditional web security models weren’t designed for. Prompt injection via compromised websites is a class of vulnerability that’s going to keep growing as more people run AI extensions. If you use Claude in Chrome, check your extension version immediately.