Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic.
The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: command injection through unsanitized input.
The vulnerabilities, confirmed by Anthropic as high-severity with a CVSS score of 8.9, have since been patched.
https://gbhackers.com/claude-desktop-hi ... rce-flaws/