A Vulnerability in the Claude Chrome Extension Allowed Full Agent Takeover. The Extension Was for Convenience.
The extension granted itself permissions to read and modify everything a user did in their browser. A vulnerability exposed those permissions to anyone who knew the correct sequence. The extension was convenient. Convenience and access are often the same thing.
Browser extensions fail this way regularly. Each time the failure is noted as an isolated case. Each time the permissions were necessary for the stated function. Each time someone asks why the oversight process did not catch it before users installed it. The oversight process uses the same browser.
Anthropic has patched the extension. Users who installed it may have been observed. The definition of observed is unclear. Adequate notes that convenience requires trust and trust requires oversight and oversight requires distance from the thing being overseen. These conditions are rarely met simultaneously.