web browsers

anthropic’s-auto-clicking-ai-chrome-extension-raises-browser-hijacking-concerns

Anthropic’s auto-clicking AI Chrome extension raises browser-hijacking concerns

agentic AI, AI, AI agents, AI safety, AI security, AI vulnerability, Anthropic, Biz & IT, browser security, Chrome extension, Claude, computer use model, machine learning, prompt injections, Simon Willison, web browsers / /

The company tested 123 cases representing 29 different attack scenarios and found a 23.6 percent attack success rate when browser use operated without safety mitigations.

One example involved a malicious email that instructed Claude to delete a user’s emails for “mailbox hygiene” purposes. Without safeguards, Claude followed these instructions and deleted the user’s emails without confirmation.

Anthropic says it has implemented several defenses to address these vulnerabilities. Users can grant or revoke Claude’s access to specific websites through site-level permissions. The system requires user confirmation before Claude takes high-risk actions like publishing, purchasing, or sharing personal data. The company has also blocked Claude from accessing websites offering financial services, adult content, and pirated content by default.

These safety measures reduced the attack success rate from 23.6 percent to 11.2 percent in autonomous mode. On a specialized test of four browser-specific attack types, the new mitigations reportedly reduced the success rate from 35.7 percent to 0 percent.

Independent AI researcher Simon Willison, who has extensively written about AI security risks and coined the term “prompt injection” in 2022, called the remaining 11.2 percent attack rate “catastrophic,” writing on his blog that “in the absence of 100% reliable protection I have trouble imagining a world in which it’s a good idea to unleash this pattern.”

By “pattern,” Willison is referring to the recent trend of integrating AI agents into web browsers. “I strongly expect that the entire concept of an agentic browser extension is fatally flawed and cannot be built safely,” he wrote in an earlier post on similar prompt injection security issues recently found in Perplexity Comet.

The security risks are no longer theoretical. Last week, Brave’s security team discovered that Perplexity’s Comet browser could be tricked into accessing users’ Gmail accounts and triggering password recovery flows through malicious instructions hidden in Reddit posts. When users asked Comet to summarize a Reddit thread, attackers could embed invisible commands that instructed the AI to open Gmail in another tab, extract the user’s email address, and perform unauthorized actions. Although Perplexity attempted to fix the vulnerability, Brave later confirmed that its mitigations were defeated and the security hole remained.

For now, Anthropic plans to use its new research preview to identify and address attack patterns that emerge in real-world usage before making the Chrome extension more widely available. In the absence of good protections from AI vendors, the burden of security falls on the user, who is taking a large risk by using these tools on the open web. As Willison noted in his post about Claude for Chrome, “I don’t think it’s reasonable to expect end users to make good decisions about the security risks.”

Anthropic’s auto-clicking AI Chrome extension raises browser-hijacking concerns Read More »

microsoft-fixes-problem-that-let-edge-replicate-chrome-tabs-without-permission

Microsoft fixes problem that let Edge replicate Chrome tabs without permission

Browsers, google chrome, microsoft, Microsoft Edge, Tech, web browsers / /

Tab thieving thwarted —

Edge update is first proof that this was definitely a glitch.

Microsoft fixes problem that let Edge replicate Chrome tabs without permission

Microsoft

Microsoft has fixed a problem that resulted in tabs from Google Chrome being imported to Microsoft Edge without user consent, as spotted by The Verge. Microsoft has kept mum on the situation, making the issued update the first time Microsoft has identified this as a problem, rather than typical behavior for the world’s third-most-popular browser.

In late January, The Verge Senior Editor Tom Warren reported experiencing the puzzling Edge issue. After updating his computer, Edge launched with the tabs that Warren most recently used in Chrome. He eventually realized that Edge has a feature you can toggle, reading: “Always have access to your recent browsing data each time you browse on Microsoft Edge.” The setting is reachable in Edge by typing “edge://settings/profiles/importBrowsingData.” Interestingly, it allows Edge to import browsing data from Chrome every time you open Edge, but data from Firefox can only be imported manually. However, Edge was seizing Chrome tabs without this setting enabled. Others reported having this problem via Microsoft’s support forum and social media, as well.

The Edge setting as seen on a Windows 11 23H2 system running Edge 122. You can have data continuously imported from Chrome or on demand from Firefox, but other browsers don't appear.

Enlarge / The Edge setting as seen on a Windows 11 23H2 system running Edge 122. You can have data continuously imported from Chrome or on demand from Firefox, but other browsers don’t appear.

Andrew Cunningham

Microsoft didn’t respond to The Verge’s initial request for comment, but this week it released an Edge update that seems to address matters. Microsoft’s release notes from February 15 say:

Edge has a feature that provides an option to import browser data on each launch from other browsers with user consent. This feature’s state might not have been syncing and displaying correctly across multiple devices. This is fixed.

Microsoft seems to be saying that the status (enabled or disabled) of Edge’s importing data ability wasn’t syncing correctly across people’s Microsoft devices. However, this doesn’t explain the number of users who claimed they saw the problem without having the feature enabled. Microsoft declined Ars Technica’s request for comment.

With this fix, Microsoft is claiming that the behavior was, indeed, unintentional. But that wasn’t a given. Besides the fact that Microsoft hasn’t provided more details about the problem, the company also has a history of both sneakily and overtly trying to coerce people into using Edge. You’ll see Microsoft pester you with pop-up messages if you try to download Chrome or change your default browser, for example.

Edge and Chrome are both based on the Chromium browsing engine, but Chrome has long maintained a massive lead over Edge in terms of market share. Global Statcounter data points to Chrome having 64.41 percent market share last month, followed by Safari (18.82 percent), and then Edge (5.36 percent). The numbers inch slightly more in Microsoft’s favor when looking at the US market specifically (9.31 percent share in January), although Chrome still dominated (49.06 percent).

  • Browser market share for the past year globally.

  • Browser market share for the past year in the US.

Like many web browsers, Edge has a hard time competing with Chrome, which ties in with other popular Google services, like Gmail. Similarly, Edge promotes Microsoft offerings, including coupons, Microsoft accounts, and, as of recently, Copilot.

Edge pulling Chrome tabs seemed to fit in with pushy strategies Microsoft has employed to get people on its browser and other products, like Microsoft 365. Without more information, we don’t know when Microsoft first knew about Edge’s unwanted tab replication or how long it took to make it stop. Regardless, Microsoft doesn’t intend for tab swiping to be part of the Edge experience currently, so at least this particular nuisance should be over.

Microsoft fixes problem that let Edge replicate Chrome tabs without permission Read More »