Less than 24 hours after Google launched the new Phishing alert extension Password Alert, a security researcher was able to bypass the feature using deadly simple exploits.

On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users’ account.

However, security expert Paul Moore easily circumvented the technology using just seven lines of simple JavaScript code that kills phishing alerts as soon as they started to appear, defeating Google’s new Password Alert extension.


Google shortly fixed the issue and released a new update to Password Alert extension that blocked the Moore’s exploit. However, Moore discovered another way to block the new version of Password Alert, as well.

The first proof of concept exploit by Moore relied on a JavaScript that looks for instances of warning screen every five milliseconds and simply removes anything it detects. Generally, the warning screen is still there, but the exploit prevented the user from ever seeing it.

Moore posted the proof-of-concept JavaScript exploit yesterday, explaining that Google’s Password Alert can be bypassed by anyone using just seven lines of code.

Here’s the Kicker:

However, Google assured its users that the company has now fixed the issue, releasing Password Alert version 1.4. "To update quickly, go to

Chrome://extensions/ , enable developer mode, click update extensions now," Google engineer Drew Hintz said.

But Moore didn’t want to stop here. He began analyzing the code for the extension more closely and figured out another way to bypass Password Alert, effectively killing phishing alerts as soon as they generated.


Now, let’s see how much time the search engine giant would take to fix this issue in its all new Password Alert Chrome Extension.

The technology was just launched by Google on Wednesday, so you can expect some flaws at its early stage.

Password Alert extension has been installed by nearly 30,000 Chrome users, who are advised to update version 1.4, the latest version available at the moment, to fix the first issue.

In order to fix another problem, you may have to wait until Google releases the next update. Till then, you are advised to turn on two-factor authentication and use a good password manager to protect yourself against phishing attacks.

Relying on them would only bring trouble. Its time to switch to a new and less-known email provider.