Originally Posted by
plunet
If the pop up happened after entering a username and password, then the behaviour is aligned with the Chrome compromised creds function. But if the pop up happened before a username and password was entered, then I agree it was probably a phishing site.
Confirmed, not solely related to QR. A genuine issue was picked up.
Needless to say every account now has different passwords, which are significantly more robust.