Claude for Chrome

(www.anthropic.com)

795 points davidbarker | 1 comments | 26 Aug 25 19:01 UTC | HN request time: 0.223s | source

Show context

dfabulich ◴[27 Aug 25 01:10 UTC] No.45034300[source]▶

Claude for Chrome seems to be walking right into the "lethal trifecta." https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

"The lethal trifecta of capabilities is:"

• Access to your private data—one of the most common purposes of tools in the first place!

• Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM

• The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)

If your agent combines these three features, an attacker can easily trick it into accessing your private data and sending it to that attacker.

replies(11): >>45034378 #>>45034587 #>>45034866 #>>45035318 #>>45035331 #>>45036212 #>>45036454 #>>45036497 #>>45036635 #>>45040651 #>>45041262 #

beefnugs ◴[27 Aug 25 04:01 UTC] No.45035331[source]▶

>>45034300 #

Well i mean you are suppose to have a whole toolset of segregation, whitelist only networking, limited specific use cases figured out by now to use any of this AI stuff

Dont just run any of this stuff on your main machine

replies(1): >>45035839 #

1. notTooFarGone ◴[27 Aug 25 05:46 UTC] No.45035839[source]▶

>>45035331 #

Oh yeah really? Do they check that and don't run unless you take those measures? If not 99.99% of users won't do it and saying "well ahkschually" isn't gonna solve the problem.

↑