VBS-2026-0010
Severity: CRITICAL (CVSS 9)
Weakness: CWE-79
A reported chain in the Claude browser extension combined permissive trusted-origin handling with DOM/XSS on a trusted subdomain, allowing prompt injection flows that appeared user-originated.
Pin trusted origins narrowly, harden message origin validation, and enforce explicit approval boundaries before extension-driven assistant actions.
How do I check whether my app that uses browser extension bridges and wildcard trusted origins is affected by shadowPrompt (trusted-origin extension chain enables injected prompts)?
Search your codebase for browser extension bridges, wildcard trusted origins, and postMessage channels, and verify that the remediation has been applied. This is rated CVSS 9; treat it as a live incident if your app is already in production.
Why does Claude generate code with CWE-79 (critical severity)?
A reported chain in the Claude browser extension combined permissive trusted-origin handling with DOM/XSS on a trusted subdomain, allowing prompt injection flows that appeared user-originated.
How do I fix shadowPrompt: trusted-origin extension chain enables injected prompts?
Pin trusted origins narrowly, harden message origin validation, and enforce explicit approval boundaries before extension-driven assistant actions.
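The remediation above has two halves: the origin check on a postMessage-style bridge must be an exact allowlist match rather than a wildcard or substring match, and a trusted origin alone must not be enough to release an assistant action, because script injected into a trusted page (the DOM/XSS half of the reported chain) sends messages from that same origin. The following is an added example written for this page, not code from the advisory or from the Claude extension; the allowlist entry, the message shape (`type`, `prompt`), the size bound and the `requestApproval` callback are all assumptions for illustration.

```javascript
// Added example, not code from the advisory or from the Claude extension.
// It contrasts the permissive trusted-origin matching the advisory describes
// with an exact-match allowlist, and gates assistant actions behind an
// explicit approval callback. Origins, message shapes and function names are
// assumptions for illustration.

// Assumed allowlist: exact origins (scheme + host + port), no wildcards.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);

// Permissive check of the kind the advisory warns about: substring matching
// also accepts attacker-controlled hosts such as https://app.example.com.evil.test.
function isTrustedOriginWeak(origin) {
  return typeof origin === "string" && origin.includes("example.com");
}

// Hardened check: parse, then require the serialized origin to match an
// allowlist entry exactly. Opaque origins ("null"), http://, paths, explicit
// ports and look-alike hosts are all rejected.
function isTrustedOriginStrict(origin) {
  if (typeof origin !== "string") return false;
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // "null" and malformed values land here
  }
  // event.origin on a real MessageEvent is already a bare origin; anything
  // else (a path, credentials, an explicit default port) is a red flag.
  if (url.origin !== origin) return false;
  return url.protocol === "https:" && TRUSTED_ORIGINS.has(url.origin);
}

// Validate the message body independently of the origin: a trusted origin
// does not prove user intent, because script injected into a trusted page
// sends messages from that origin.
function parseBridgeMessage(data) {
  if (!data || typeof data !== "object") return null;
  if (data.type !== "assistant.action") return null;
  if (typeof data.prompt !== "string" || data.prompt.length === 0) return null;
  if (data.prompt.length > 4096) return null; // assumed size bound
  return { type: data.type, prompt: data.prompt };
}

// Handler for a postMessage-style bridge event ({ origin, data }).
// `requestApproval(action)` stands in for an explicit user-approval step
// (e.g. a confirmation UI) and must return true before an action is released.
function handleBridgeMessage(event, requestApproval) {
  if (!isTrustedOriginStrict(event.origin)) {
    return { accepted: false, reason: "untrusted-origin" };
  }
  const action = parseBridgeMessage(event.data);
  if (action === null) {
    return { accepted: false, reason: "malformed-message" };
  }
  if (requestApproval(action) !== true) {
    return { accepted: false, reason: "not-approved" };
  }
  return { accepted: true, action };
}

// Stand-alone demonstration on constructed inputs.
function demo() {
  const spoofed = "https://app.example.com.evil.test"; // constructed look-alike origin
  const results = {
    weakAcceptsLookalike: isTrustedOriginWeak(spoofed),
    strictRejectsLookalike: !isTrustedOriginStrict(spoofed),
    strictAcceptsExact: isTrustedOriginStrict("https://app.example.com"),
    strictRejectsOpaque: !isTrustedOriginStrict("null"),
  };
  const event = {
    origin: "https://app.example.com",
    data: { type: "assistant.action", prompt: "summarize this page" },
  };
  results.blockedWithoutApproval = handleBridgeMessage(event, () => false).reason;
  results.releasedWithApproval = handleBridgeMessage(event, () => true).accepted;
  return results;
}

console.log(demo());
```

In a real extension the `event` object would come from a `message` listener and `requestApproval` would surface the proposed action to the user before anything is sent to the assistant; the point of keeping the approval step separate from the origin check is that a compromised trusted page passes the origin check by construction, so only the approval boundary stops the injected prompt.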
What can an attacker do if my app contains VBS-2026-0010?
At CVSS 9 (critical), an attacker exploiting this vulnerability can likely gain complete control of your data or infrastructure.