Google Chrome browser's new Anti-Phishing Password Alert extension is in controversies right after its launch last Wednesday, but now the search engine giant has effectively pulled off Password Alert from its store.
Password Alert was not bypassed once, twice, but every time Google introduced a new updated version of the extension.
Google developed this Password Alert Chrome extension in an effort to alert Internet users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users’ account.
Here’s the worst part:
However, the first version of Password Alert was bypassed in less than 24 hours of its launch.
Security expert Paul Moore from UK-based Urity Group quickly circumvented the Anti-Phishing technology by pure JavaScript code of seven lines.
Since then Google released Password Alert version 1.4, version 1.5 and version 1.6, but…
...all of them were bypassed, keeping users unaware of falling victim to phishing attacks. The latest version 1.6 was bypassed by the researchers at software security firm Securify.
Upcoming Google Password Alert 1.7 Update
However, now Google has uploaded the source code for Password Alert version 1.7 on Github, first noticed and reported by Paul Moore.
The latest Password Alert update, which is yet not officially launched on Chrome store, probably available for download in the next few hours.
The latest update Password Alert 1.7 on Github mentions that the search engine giant has disabled the password alert feature from the extension, removing the code for the no-longer-used, in-page and password warning.
This means, Password Alert version 1.7 would disable its primary feature, which give warnings to users about phishing attempts and bad passwords.
However, Google has not released any statement on the upcoming update, but because the Password Alert Chrome extension has been hit multiple times in last few days, Google may be working at a change in tactics this time around.
Google engineers may be working on the extension’s source code to improve the feature that could take few days. Until the time, they want their more than 70,000 Chrome users who had downloaded the Password Alert extension to update version 1.7 that disables the feature.
Google may then soon be coming with Password Alert version 1.8 for its Chrome users that would resolve all the previous issues, as well as it would be strong enough not to be bypassed anyhow.