SHARE

Within 24 hours of Google has launched new “Phishing alert extension Password Alert”, one security researcher abled to bypass this feature using some deadly easy exploits.

On last Wednesday, the giant search engine chrome launched the new Password Alert Extension for alerting the users that, whenever they enter the Google password accidentally on any sincerely crafted phishing site, it aimed to hijack users’ account.

Paul Moore , the security expert easily has circumvented technology by using just 7 lines of very simple code of JavaScript, which kills the phishing alerts very early of their starting to appear, the defeating new Password Alert chrome extension of Google.

Google has shortly fixed this issue and have released new update extension of password Alert which blocked Moore’s exploit. But, Moore discovered the other way for blocking new version Password Alert also.

gmail hacked

The initial proof of the concept was exploited by Moore based on simple JavaScript code which looks for a instances to warn screen in every 5 milliseconds and very simply removes the detected anything. Normally, the warn screen still on there.

Moore have posted a proof of the concept on exploit of JavaScript yesterday, by explaining the  Password Alert of Google may be bypassed anytime by anyone using the  just seven lines of code.

Moore has also provided a video as proof-of-concept in YouTube, for showing attack on action. The video link is,

https://youtu.be/HwEGYwCgqtk

Let’s see what time the giant of search engine take for fixing the issue with its new Extension of Password Alert on Chrome.

NO COMMENTS

LEAVE A REPLY

This site uses Akismet to reduce spam. Learn how your comment data is processed.