A flaw in Google Chrome’s expansion software & Password Alert was exposed only days after it was released. A security consultant, Paul Moore, released information on how websites that were attempting phishing scams could render the expansion non-functional with seven lines of code added to the website.
The Password Alert expansion is intended to alert Google users if a site is potentially malicious, and stop users from entering Google passwords into non-Google sites.
Analyst comment:
Google has announced that there is a further update to the Password Alert software, and that the problem has been fixed. Moore announced late last week that he has found another flaw in the Password Alert software. Google has not yet responded to the accusation of a second flaw in the software.
Pinkerton advises clients to keep all security programs up to date on all computers and personal devices. Devices should be checked by network security to ensure no malware or other malicious software has been installed onto devices, and clients avoid unfamiliar websites and unauthorized software.