Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution
Posted: Sat Nov 08, 2025 5:56 am
Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic.
The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection.
The vulnerabilities, confirmed by Anthropic as high-severity with a CVSS score of 8.9, have since been patched.
https://gbhackers.com/claude-desktop-hi ... rce-flaws/