Within 24 hours of Google has launched new “Phishing alert extension Password Alert”, one security researcher able to bypass this feature using some deadly easy exploits.
On last Wednesday, the giant search engine chrome launched the new Password Alert Extension for alerting the users that, whenever they enter the Google password accidentally on any sincerely crafted phishing site, it aimed to hijack users’ account.
Paul Moore , the security expert easily has circumvented technology by using just 7 lines of very simple code of JavaScript, which kills the phishing alerts very early of their starting to appear, the defeating new Password Alert chrome extension of Google.
Google has shortly fixed this issue and have released new update extension of password Alert which blocked Moore’s exploit. But, Moore discovered the other way for blocking new version Password Alert also.
The initial proof of the concept was exploited by Moore based on simple JavaScript code which looks for a instances to warn screen in every 5 milliseconds and very simply removes the detected anything. Normally, the warn screen still on there.
No comments:
Post a Comment