Google Chrome Anti-Phishing Extension Already Bypassed – Update
The Chrome extension that warns users when they type their Google password into a non-Google site can already be circumvented with a simple exploit. Google countered the exploit just as quickly with an update, but early adopters have to apply that update manually.
Ars Technica reports that the proof-of-concept exploit appeared less than 24 hours after the extension was released. The Password Alert Chrome extension compares what the user types against a stored hash of the Google password and raises a warning when the password is entered on a site that is not Google's.
The exploit uses JavaScript on the phishing page to poll every five milliseconds for Google's warning; as soon as the warning appears, the script removes it. This happens so quickly that the user never sees it.
Security researcher Paul Moore of the British security firm Urity Group says the suggestion that any degree of security is provided at all is dangerous. According to Moore, Google would do better to spend its time teaching people how to use password managers.
Shortly after the exploit appeared, Google updated the Password Alert extension to version 1.4. Users who had already installed the extension can get the update sooner by enabling Developer mode on Chrome's Extensions settings page and then updating the extensions from there.
Update, May 4, 13:06: a tweet indicates that yet another way has been found to circumvent the extension.