Claude desktop extension can be hijacked to send out malware by a simple Google Calendar event

• LayerX warns Claude Desktop Extensions enable zero-click prompt injection attacks
• Extensions run unsandboxed with full system privileges, risking remote code execution
• Flaw rated CVSS 10/10, appears unresolved

Claude Desktop Extensions, due to their very nature, can be exploited for zero-click, prompt injection attacks which can lead to remote code execution (RCE) and full system compromise, experts have warned.

Claude is Anthropic’s AI assistant, and one of the more popular GenerativeAI models out there. It offers Desktop Extensions - MCP servers packaged and distributed through Anthropic’s extension marketplace, which when installed appear similar to Chrome add-ons.

However, unlike Chrome extensions that work in an extremely sandboxed browser environment and cannot access the underlying system, researchers from LayerX Security claims Claude Desktop Extensions “run unsandboxed and with full system privileges.” In practice, that means Claude can autonomously chain low-risk connectors such as Google ...