ShadowPrompt: How a Misconfigured Trust Boundary Turned Clau

Type	Value	Enrichment	Context	Conf.
⌘DOMAIN	`a-cdn.claude.ai`	VT US	Third-party Arkose Labs CAPTCHA endpoint trusted by Claude Chrome Extension subdomain allowlist; XSS delivery point in exploit chain. Legitimate domain — flag unexpected or high-volume connections from browser processes during the pre-patch exposure window only.	MEDIUM

A combined vulnerability in the Anthropic Claude Chrome Extension allowed any malicious website to silently inject instructions into a user’s Claude AI assistant without any click or interaction. The flaw combined an overly permissive trust boundary in the extension with a cross-site scripting weakness in a third-party CAPTCHA component embedded on the claude.ai subdomain. If exploited before patching, an attacker could have stolen credentials, accessed conversation history, or triggered autonomous actions such as sending emails on behalf of the victim, with no visible indication to the user.

Author

ShadowPrompt: How a Misconfigured Trust Boundary Turned Claude’s Browser Extension into a Zero-Click Attack Vector

Executive Summary

Impact Assessment

Exposure Analysis

Are You Exposed?

Business Context

Business Impact

Technical Analysis

Action Checklist IR ENRICHED

Recovery Guidance

Key Forensic Artifacts

Detection Guidance

Indicators of Compromise (1)

Platform Playbooks

IOC Detection Queries (1)

MITRE ATT&CK Hunting Queries (2)

Falcon API IOC Import Payload (1 indicators)

Compliance Framework Mappings

MITRE ATT&CK Mapping

Sources (5)

Gallery

Contacts

Tech Jacks Solutions

Services

Learn

Company