[BUG] Claude in Chrome extension broken after Windows update - CSP blocking scripts

Resolved 💬 3 comments Opened Feb 5, 2026 by pat604-Noda Closed Feb 8, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description

The Claude in Chrome extension stopped working after a Windows update. The extension shows "enabled and connected" in
its settings, but Claude Code CLI cannot connect. The approval popup that should appear when connecting either
auto-closes within 2 seconds or fails to render any UI.

## Environment

  • Chrome version: 144.0.7559.110
  • OS: Windows (recent Windows update installed)
  • Claude Code CLI: (run claude --version to fill in)
  • Extension status: Shows "enabled and connected" in extension settings

## Symptoms

  1. Running /chrome in Claude Code or calling tabs_context_mcp returns "Browser extension is not connected"
  2. When selecting "Reconnect extension," a new tab opens to https://claude.ai/new but:
  • The tab auto-closes after ~2 seconds when in the main Chrome window
  • When dragged to a separate window, the tab stays open but shows no approval UI
  1. Windows shows a toast notification "Claude needs your attention" instead of Chrome showing the approval popup

## Console Errors
Opening DevTools on the Claude tab shows these CSP errors:

Executing inline script violates the following Content Security Policy directive 'script-src 'self''. Either the
'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is
required to enable inline execution. The action has been blocked.

options.html:8 Executing inline script violates the following Content Security Policy directive 'script-src 'self'
'wasm-unsafe-eval' 'inline-speculation-rules''. Either the 'unsafe-inline' keyword, a hash
('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline
execution. The action has been blocked.

Main-D4n0EquA.js:2 Loading the script
'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/f12a4347e1080fb88155.js' violates the following
Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so
'script-src' is used as a fallback. The action has been blocked.

## Troubleshooting Attempted

  • Added Chrome to Windows Firewall allowed apps
  • Verified extension shows "connected" status
  • Restarted Chrome
  • Checked Chrome flags (no CSP-related flags enabled)
  • Confirmed feature worked before Windows update

## Root Cause Hypothesis
The Windows update may have included a Chrome update that enforces stricter CSP rules for extensions. The extension's
inline scripts in options.html and external scripts from cdn.segment.com are being blocked, preventing the
approval UI from rendering.

## Expected Behavior
Approval popup should appear allowing user to grant Claude Code access to Chrome.

## Actual Behavior
Scripts are blocked by CSP, approval UI never renders, connection fails.

What Should Happen?

Claude Code should connect to Claude Chrome extension.

Error Messages/Logs

Chrome Console: Executing inline script violates the following Content Security Policy directive 'script-src 'self''. Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.Understand this error
options.html:8 Executing inline script violates the following Content Security Policy directive 'script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules''. Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.Understand this error
Main-D4n0EquA.js:2 Loading the script 'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/f12a4347e1080fb88155.js' violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.
(anonymous) @ Main-D4n0EquA.js:2Understand this error
Main-D4n0EquA.js:2 Loading the script 'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/f12a4347e1080fb88155.js' violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.

Steps to Reproduce

Install latest Claude Code and Claude Chrome ext. Claude can't talk to Chrome.

Claude Model

Not sure / Multiple models

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.31

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗