Claude in Chrome

What it is

A Chrome extension that opens Claude in a side panel alongside whatever you’re browsing. Claude sees the page, and — when you ask — clicks, types, switches tabs, and takes actions on your behalf. It’s the browser equivalent of Cowork: agentic by design, gated by a permission system that asks before anything irreversible.

Available in beta on all paid plans (Pro, Max, Team, Enterprise). Chrome only; no other Chromium browsers, no mobile.

Where to find it

Visit the Chrome Web Store listing.
Click Add to Chrome.
Sign in with your Claude account.
Pin the extension (puzzle-piece icon → thumbtack next to Claude).
Grant permissions when prompted.

The Claude icon appears in your Chrome toolbar. Click to open the side panel.

How to use it

Pick a permission mode

Drop-down on the chat input:

Ask before acting (recommended) — Claude drafts a plan naming the sites it will visit and actions it will take. Approve, edit, or reject. Claude executes within those bounds and still confirms before irreversible actions.
Act without asking — high-risk mode. Use only when actively supervising on trusted sites.

Core flows

Ask Claude about the page you’re looking at. Select text, share a screenshot region, or upload an image to point at something specific.
Drag multiple tabs into Claude’s tab group to let it read across them at once.
Save a good prompt as a shortcut. Type / in chat to reuse it. Schedule shortcuts via the clock icon.
Record a workflow: click the record icon → perform the steps → stop. Claude learns the pattern and can repeat it.
From Claude Desktop: enable the Claude in Chrome connector (Settings → Connectors → Claude in Chrome → Configure) to dispatch browser tasks without switching windows.
From Claude Code: build in the terminal, test and verify in Chrome. The extension reads console logs, network requests, and DOM state.

Model selection

Pro: Haiku 4.5 only.
Max / Team / Enterprise: pick Opus 4.6, Sonnet 4.6, or Haiku 4.5 per task.

Good to know

Prompt injection is the headline risk. Malicious instructions hidden in pages can try to hijack Claude. Anthropic’s testing shows Opus 4.5 cuts attack success to ~1%, but non-zero is not zero — start with trusted sites, watch for sudden topic shifts, stop the task if something feels off.
Blocked categories. Claude cannot access banking, brokerage, crypto, adult, or pirated-content sites, regardless of permissions.
Always-asks actions: purchases, permanent deletes, creating accounts, changing passwords, modifying permissions, entering sensitive data. Even in “Act without asking” mode these still prompt.
Per-domain JavaScript permission. Claude must get approval before running JS on each domain — the primary defense against session hijacking.
Screenshots of your tab are sent to Claude when the side panel is open. Don’t open it over confidential docs.
Admin controls (Team/Enterprise): Org Settings → Claude in Chrome. Toggle the extension org-wide, add allowlists/blocklists, disable the Desktop→Chrome connector via isLocalDevMcpEnabled. Enterprise default is off; Team default is on. Recommend a restrictive allowlist for pilots.
Usage counts against your plan — same pool as Claude and Claude Code. Browser interactions use more tokens per turn than plain chat.
Troubleshooting: can’t see the page → refresh and confirm site permission. Extension won’t connect to Desktop/Code → restart or update the piece that’s failing. Actions failing → disable conflicting extensions.

What’s changed recently

2026-04-30 — claude.ai now renders a Beta badge next to Claude in Chrome in the Settings sidebar (/settings/browser-extension). Body unchanged — the page already noted the extension is in beta on paid plans; this is just the UI catching up to the docs.
2026-04-18 — Page created from official help-center articles.