A critical prompt injection vulnerability has been identified in Anthropic's Claude Chrome extension, affecting all versions below 1.0.41. The flaw allows attackers to exploit a cross-site scripting (XSS) vulnerability by loading malicious iframes, enabling them to execute harmful payloads within the a-cdn.claude.ai subdomain. This vulnerability permits attackers to inject and execute malicious prompts without user interaction, potentially compromising sensitive data such as Google Drive documents and business access tokens. Users are urged to update to version 1.0.41 or higher immediately and exercise caution against phishing attempts.