Claude for Chrome

(www.anthropic.com)

795 points davidbarker | 1 comments | 26 Aug 25 19:01 UTC | HN request time: 0.217s | source

Show context

dfabulich ◴[27 Aug 25 01:10 UTC] No.45034300[source]▶

Claude for Chrome seems to be walking right into the "lethal trifecta." https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

"The lethal trifecta of capabilities is:"

• Access to your private data—one of the most common purposes of tools in the first place!

• Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM

• The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)

If your agent combines these three features, an attacker can easily trick it into accessing your private data and sending it to that attacker.

replies(11): >>45034378 #>>45034587 #>>45034866 #>>45035318 #>>45035331 #>>45036212 #>>45036454 #>>45036497 #>>45036635 #>>45040651 #>>45041262 #

brookst ◴[27 Aug 25 03:58 UTC] No.45035318[source]▶

>>45034300 #

“Easily” is doing a lot of work there. “Possibly” is probably better. And of course it doesn’t have unfettered access to all of your private data.

I would look at it like hiring a new, inexperienced personal assistant: they can only do their job with some access, but it would be foolish to turn over deep secrets and great financial power on day one.

replies(2): >>45035378 #>>45038418 #

1. pdntspa ◴[27 Aug 25 04:11 UTC] No.45035378[source]▶

>>45035318 #

If it can navigate to an arbitrary page (in your browser) then it can exploit long-running sessions and get into whatever isn't gated with an auth workflow.

↑