Hackers bypass Google's Chrome protection within 24 hours of release
Google, last week, had announced the release of a new Chrome extension that can protect your Google account password from phishing websites. However, hackers have managed to bypass the security system in less than 24 hours.
As cybercriminals are trying various methods to get hold of your Google password, Google needed to step up the security system in order to protect its users’ identity. Last week, Google announced a new Chrome extension, which can help in fighting phishing. The Password Alert Chrome extension was designed to alert the user whenever he or she accidentally enters the Google account password on a phishing website that was meant for hijacking the Google account.
Sadly, a hacker managed to get past the secure extension within 24 hours of Google launching the Chrome extension. The Hacker News reported that security expert Paul Moore easily circumvented the technology using just seven lines of simple JavaScript code that kills phishing alerts as soon as they started to appear, defeating Google’s new Password Alert extension. Soon after this, Google managed to fix the issue which blocked Moore’s exploit, but discovered yet another way to get past it.
The proof of concept exploit by Moore was written in JavaScript and the exploit prevented the user from ever seeing the alerts from the extension. Moore reported that Google’s password alert module can be bypassed by anyone with just seven lines of code.
Google managed to release multiple patches and Moore managed to bypass most of them. A new update on The Hacker News states that Google released version 1.6 of the Chrome extension, and that too was bypassed easily.