Xss
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
A DOM-based XSS flaw in the Arkose Labs CAPTCHA component on claude.ai's subdomain enabled zero-click prompt injection from any website via a legitimate Google ad. No user interaction required.