Paul’s proof of concept
The anti-phishing Chrome extension called Password Alert was introduced on Wednesday to protect users from phishing sites and hackers. On typing the password on the extension, it will alert users if the password has been used on any non-Gmail page and it should be changed by scanning all HTML pages which might fake a Gmail login page. Paul uploaded a video on YouTube showing how his code could mislead Google’s Password Alert.
Other security flaws detected
“#Google #PasswordAlert version 1.4 bypassed, again!”
Hence, this Password Alert is found to be easily bypassed by hackers on their phishing sites. Users should be careful in using this Chrome extension.