A security expert revealed a flaw in Google's latest anti-phishing feature for its Chrome browser by just adding seven lines of code to it. It was discovered a day after the security extension was launched.

UK-based IT security consultant Paul Moore told Forbes that the codes were able to bypass the Password Alert extension without the user noticing it.

In a video he uploaded in YouTube, Moore demonstrated the flaw by making a fake copy of the Gmail login  page without the code. Password Alert detected it as a fake page and displayed a warning during access and after typing in a password.

Then, he shifted to another fake Gmail login page which contained the additional seven lines of code. The security feature was disabled and he was able to input his password.

The JavaScript code Moore placed into the fake webpage simply changed Password Alert to display the warning message to five milliseconds. The security feature was still present but the warning was displayed too fast to be noticed, making the fake login  page seemed a legit one.

"It's an embarrassment really," Moore said, adding that it only took seven lines of code to launch a phishing attack on a Google account.

Google recognized the flaw and it immediately patched up the Password Alert. Google engineer Drew Hintz advised users to update the extension to version 1.4 and said the problem was already fixed

However, the latest update was again exploited by Moore. He even posted on his Twitter account a screengrab showing that the new update is also vulnerable to phishing attacks.

Google has already updated Password Alert to version 1.6 as of May 1.

While security experts welcome the security tool for Chrome, they advise Google that it should have been  developed further first before it was released to everyone. Password expert Per Thorsheim, Fobes noted, that anyone who plans to use Password Alert should do a risk analysis first.

Since its launch last April 29, more than 125,000 users have already installed the Password Alert extension in their Chrome browsers.

Phishing is a method done by malicious hackers to steal imformation such as passwords, credit card numbers, or social security numbers. They make a copy of  company webpages or email templates to lure users into giving crucial information.

Hackers also exploit poor web security to conduct phishing activities, which have already made its way into social media sites.