[BUG] Claude in Chrome extension broken after Windows update - CSP blocking scripts
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Description
The Claude in Chrome extension stopped working after a Windows update. The extension shows "enabled and connected" in
its settings, but Claude Code CLI cannot connect. The approval popup that should appear when connecting either
auto-closes within 2 seconds or fails to render any UI.
## Environment
- Chrome version: 144.0.7559.110
- OS: Windows (recent Windows update installed)
- Claude Code CLI: (run
claude --versionto fill in) - Extension status: Shows "enabled and connected" in extension settings
## Symptoms
- Running
/chromein Claude Code or callingtabs_context_mcpreturns "Browser extension is not connected" - When selecting "Reconnect extension," a new tab opens to
https://claude.ai/newbut:
- The tab auto-closes after ~2 seconds when in the main Chrome window
- When dragged to a separate window, the tab stays open but shows no approval UI
- Windows shows a toast notification "Claude needs your attention" instead of Chrome showing the approval popup
## Console Errors
Opening DevTools on the Claude tab shows these CSP errors:
Executing inline script violates the following Content Security Policy directive 'script-src 'self''. Either the
'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is
required to enable inline execution. The action has been blocked.
options.html:8 Executing inline script violates the following Content Security Policy directive 'script-src 'self'
'wasm-unsafe-eval' 'inline-speculation-rules''. Either the 'unsafe-inline' keyword, a hash
('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline
execution. The action has been blocked.
Main-D4n0EquA.js:2 Loading the script
'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/f12a4347e1080fb88155.js' violates the following
Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so
'script-src' is used as a fallback. The action has been blocked.
## Troubleshooting Attempted
- Added Chrome to Windows Firewall allowed apps
- Verified extension shows "connected" status
- Restarted Chrome
- Checked Chrome flags (no CSP-related flags enabled)
- Confirmed feature worked before Windows update
## Root Cause Hypothesis
The Windows update may have included a Chrome update that enforces stricter CSP rules for extensions. The extension's
inline scripts in options.html and external scripts from cdn.segment.com are being blocked, preventing the
approval UI from rendering.
## Expected Behavior
Approval popup should appear allowing user to grant Claude Code access to Chrome.
## Actual Behavior
Scripts are blocked by CSP, approval UI never renders, connection fails.
What Should Happen?
Claude Code should connect to Claude Chrome extension.
Error Messages/Logs
Chrome Console: Executing inline script violates the following Content Security Policy directive 'script-src 'self''. Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.Understand this error
options.html:8 Executing inline script violates the following Content Security Policy directive 'script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules''. Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.Understand this error
Main-D4n0EquA.js:2 Loading the script 'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/f12a4347e1080fb88155.js' violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.
(anonymous) @ Main-D4n0EquA.js:2Understand this error
Main-D4n0EquA.js:2 Loading the script 'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/f12a4347e1080fb88155.js' violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.
Steps to Reproduce
Install latest Claude Code and Claude Chrome ext. Claude can't talk to Chrome.
Claude Model
Not sure / Multiple models
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.31
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
PowerShell
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗