- Claude's Chrome pilot with initial access to 1.000 Max plan subscribers and an open waiting list.
- The agent can read the page context and execute actions in the browser with permissions and confirmations.
- Security defenses that reduce prompt injections from 23,6% to 11,2% and mitigate browser-specific attacks.
- Restricted access to high-risk categories and site-level controls to minimize harm.
after throwing Claudia 4.1, Anthropic makes the leap into assisted navigation and with a Claude preview for Chrome, an agent that works directly within the browser to see what's on your screen, follow flows, and complete tasks under user control.
The company opts for a highly controlled implementation: starts with 1.000 Max plan users and a waiting system to cautiously expand access, putting the Focus on security and gathering real feedback before opening it to the public..
What is Claude for Chrome?
This is an extension that add a side panel in Chrome where you can chat with Claude while maintaining context of what's happening in the current tab: page text, visible forms and the interaction that the agent himself is performing.
Unlike a simple assistant who only answers questions, Claude can take actions within the browser if you let them: click on buttons, fill out forms, move through a purchasing process or publish content, always subject to permissions and confirmations.
Anthropic claims that this approach is natural evolution from his recent work connecting Claude with calendars, documents and productivity tools: Bringing these capabilities to the browser brings continuity to real-world tasks.
In internal testing, early versions helped to manage calendars and emails, automate routine expense reports and validate user flows on websites, as well as compose responses or summarize comments in collaborative documents.
What you can do within the browser
The agent can perform tasks such as search for ads with specific criteria on real estate portals, summarizing contributions in a Google Doc, or adding products to a shopping cart in a delivery service, without losing track of the context. In everyday scenarios, for example, it allows fill in the details of a reservation from the information you see on the page and leave the final confirmation in your hands, or that Check email submissions for messages awaiting replies.
For repetitive requests, such as data entries and forms, the agent streamlines mechanical steps and frees up time for higher value tasks, always with options to monitor or stop actions if something doesn't fit.
The company already explored computer control with its Computer Use feature and now, with the browser interface, seeks more precise interaction that reduces ambiguities and offers better traceability of each action.
Security: real risks and test figures
Agents using the browser face a key risk: prompt injections hidden in websites, emails or documents that attempt to make the model execute malicious instructions without the user's knowledge.
Anthropic has red teamed 123 test cases covering 29 attack scenariosWithout mitigations, the injection success rate was 23,6%, a worrying rate for potentially sensitive stocks.
Among the examples prior to the defenses, one order camouflaged in an email led the agent to delete the user's messages without asking for confirmation, illustrating the type of damage that a well-hidden adversary instruction can cause.
With measures applied in the so-called "“autonomous mode”, the success rate of these attacks dropped to 11,2% under the same conditions, and on a set of browser-specific challenges (such as invisible form fields in the DOM or instructions in the URL or tab title) success dropped from 35,7% to 0%.
Protective measures and limits
The first barrier is the system of site-level permissions: You can grant or revoke Claude's access to specific domains from the settings at any time and limit his scope.
In addition, the agent requests confirmation for high-risk stocks such as posting, purchasing, or sharing personal data; even if you enable standalone mode, safeguards remain in place for the most sensitive cases.
Anthropic has improved system prompts to guide the model through sensitive data and has blocked high-risk categories such as financial services, adult content, or piracy sites by default.
The company is testing advanced classifiers that detect suspicious patterns and unusual access requests, even when hidden in seemingly legitimate contexts, and will continue to expand coverage of known and emerging attacks.
Access, availability and next steps
Initial access is limited to 1.000 Max plan subscribers (costing between $100 and $200 per month, depending on the country). If you are interested, you can join the waiting list at the address claude.ai/chrome.
Once access is approved, the installation is carried out from the Chrome Web Store and validated with Claude's credentials. The recommendation is to start with trusted sites and avoid those that deal with financial, legal, or medical information.
The pilot's learnings will serve to refine the classifiers injection, strengthen permissions and adjust the model's behavior in real-life situations that do not occur in a test laboratory.
The movement comes in the midst of the race for the “browser agent”: Perplexity now offers CometGoogle is integrating Gemini into Chrome, and other players are working on similar features. Anthropic chooses to move slowly, with safety as a top priority.
Claude for Chrome is shaping up to be a major step toward web-based assistants that not only respond, but also act responsively; Its gradual deployment and mitigation figures suggest progress, although there is still a long way to go. to bring operational risk closer to acceptable minimums.
I am a technology enthusiast who has turned his "geek" interests into a profession. I have spent more than 10 years of my life using cutting-edge technology and tinkering with all kinds of programs out of pure curiosity. Now I have specialized in computer technology and video games. This is because for more than 5 years I have been writing for various websites on technology and video games, creating articles that seek to give you the information you need in a language that is understandable to everyone.
If you have any questions, my knowledge ranges from everything related to the Windows operating system as well as Android for mobile phones. And my commitment is to you, I am always willing to spend a few minutes and help you resolve any questions you may have in this internet world.