Behold: the drop-dead simple exploit that nukes Google’s Password Alert

Status
Not open for further replies.

Venustus

Level 59
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
Less than 24 hours after Google unveiled a Chrome extension that warns when user account passwords get phished, a security researcher has devised a drop-dead simple exploit that bypasses it.

This benign proof-of-concept exploit looks almost identical to a Google login page, and is typical of a malicious phishing page that attempts to trick people into entering their user name and password. If Google's freely available Password Alert extension was better designed, it would provide a warning as soon as someone tried to log into the page with their Google password. Instead, the warning is completely suppressed. (Note: although Ars fully trusts the researcher, readers are strongly advised not to enter passwords for Google accounts they use for anything other than testing purposes.) A video of the bypass exploit:



More
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top