Functions don’t exist as part of the DOM; instead, they exist within an execution environment that includes the DOM. Content scripts (including scripts run with executeScript) and actual web pages share the same DOM, but have separate execution environments. So calling window.alert = function() {} only rewrites window.alert within your content script’s execution environment, not in the actual page’s one.
The typical way to reach the execution environment of the actual page is to inject a <script> tag into the DOM. This can be done in several ways. One method is to white-list a script in web_accessible_resource, and insert the <script> element referring to this script in the document. The required absolute URL can be obtained via chrome.extension.getURL.
var s = document.createElement("script");
s.src = chrome.extension.getURL("script_in_extension.js");
(document.head||document.documentElement).appendChild(s);
Make sure that the script is configured to "run_at": "document_start", so that the overwrite takes place before any of the page’s functions are loaded.
Note: Your action can easily be undone by the page:
window.alert = function(){ /*...*/ }; // Your overwrite
delete window.alert; // Run from the page/console/...
window.alert('Test?'); // Displays alert box.
If it’s critical that the overwritten function cannot be removed, use Object.defineProperty to define an immutable method. For more details, see Stop a function from execute with Chrome extension.