Critical Flaw Discovered in Claude Desktop Extensions, Patched by Anthropic

Deepanker Verma November 7, 2025 Security


A serious security flaw was found in three official extensions for Anthropic’s Claude Desktop. The affected extensions include Chrome, iMessage, and Apple Notes connectors. The vulnerability could allow attackers to run malicious code on users’ computers. It has a high severity score of 8.9 on the CVSS scale.

The flaw came from unsanitized command inputs. This meant attackers could inject harmful commands through normal interactions with the AI assistant. Anthropic has already patched all three extensions.

Claude Desktop Extensions act as a bridge between the AI and the user’s system. Unlike browser add-ons, they run with full system privileges. This makes them powerful but also risky if security is weak.

KOI Security, which discovered the flaw, explained that the extensions processed inputs such as URLs or messages without proper checks. A simple malicious input could run AppleScript commands and execute code on the machine. This is a classic command injection flaw, showing that basic security mistakes can exist even in official software.
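The injection pattern described above, next to a hardened form, as an added example: this is not code from Anthropic's extensions or from KOI Security. The AppleScript text, the function names and the sample input are assumptions made for illustration.

```javascript
// Added illustration; script text and function names are hypothetical.

// Vulnerable pattern: untrusted text is spliced into AppleScript source, so a
// double quote in the input ends the string literal and what follows is
// parsed as script code instead of data.
function buildScriptUnsafe(url) {
  return `tell application "Google Chrome" to open location "${url}"`;
}

// Hardened pattern: the script is constant and reads the URL from argv, so
// the input is only ever data. The returned array is meant for
// child_process.execFile('osascript', args), which does not involve a shell.
const SCRIPT_LINES = [
  'on run argv',
  'tell application "Google Chrome" to open location (item 1 of argv)',
  'end run',
];

function buildOsascriptArgs(input) {
  let parsed;
  try {
    parsed = new URL(input);
  } catch {
    throw new TypeError('not a valid URL');
  }
  // Allowlist the schemes the extension is expected to open.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    throw new TypeError(`scheme not allowed: ${parsed.protocol}`);
  }
  const args = SCRIPT_LINES.flatMap((line) => ['-e', line]);
  args.push(parsed.href); // trailing arguments reach the script's run handler
  return args;
}

// Counts double quotes, to show when input has altered the script's structure.
function countQuotes(s) {
  return (s.match(/"/g) || []).length;
}

// Constructed sample input containing stray double quotes.
const SAMPLE = 'https://example.com/" & "x';

console.log(buildScriptUnsafe(SAMPLE));  // script text changes with the input
console.log(buildOsascriptArgs(SAMPLE)); // script lines stay fixed
```

In the hardened form the first six arguments are identical for every input, which also makes the script easy to review and to pin in a test.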

The risk is not limited to users typing commands. Claude Desktop fetches and reads web pages to answer questions. Attackers could serve malicious content that the AI interprets as instructions. This could trigger the vulnerable extensions and run code silently, allowing attackers to steal credentials, passwords, or even install backdoors without user knowledge.

Experts warn that these extensions should be treated as high-risk software, not casual plugins. Anthropic’s patches reduce the immediate threat, but users must keep their tools updated. This incident highlights the need for stronger security in AI platforms.


About the Author: Deepanker Verma

Deepanker Verma is a well-known technology blogger and gadget reviewer based in India. He has been writing about tech for over a decade.
