Claude Desktop Extensions Exposes Over 10,000 Users to Remote Code Execution Vulnerability

  Summary: LayerX discovered a zero-click remote code execution (RCE) vulnerability in Claude Desktop Extensions (DXT), in which a single Google Calendar event can silently compromise a system running Claude Desktop Extensions. The flaw impacts more than 10,000 active users and 50 DXT extensions.  Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full … Continue reading Claude Desktop Extensions Exposes Over 10,000 Users to Remote Code Execution Vulnerability

LayerX