Category: Google|Aug 24, 2020 | Author: Admin

Google to trial drastically truncated URLs in Chrome in anti-phishing move

Share on

Google will run a trial with Chrome 86, the browser set to release in October, that will hide much of a site's URL as a way to foil phishing attacks.

http.jpg

"We're ... going to experiment with how URLs are shown in the address bar on desktop platforms," Emily Stark, Eric Mill and Shweta Panditrao, all members of Chrome's security team, wrote in an Aug. 12 post to a company blog. "Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they're visiting a malicious website, and protects them from phishing and social engineering attacks."

The test will roll out in Chrome 86 – currently slated to ship Oct. 6 – with participants chosen randomly. Stark, Mill and Panditrao did not specify the number of Chrome users, or even a percentage of the browser's total, who will see the address bar pilot. Enterprise-enrolled devices won't be included in this Chrome 86 experiment, they added.

Rather than display the entire URL in Chrome's address bar, the trial will instead condense it to what Google called the "registrable domain," which it explained means (the "most significant" part of the domain name). If the full URL for, say, a Computerworld article is https://www.computerworld.com/article/3571442/microsoft-sets-new-support-deadlines-for-ie11-and-edge.html, then the registrable domain would be computerworld.com.

Showing only the domain, the three Google engineers argued, might make it easier for users – those who look at the address bar, anyway (not everyone does) – to ensure they were at the right place, not at a malicious site they'd been tricked into visiting. "There are myriad ways that attackers can manipulate URLs to confuse users about a website's identity," Stark, Mill and Panditrao said. "(That) leads to rampant phishing, social engineering and scams."

(The trio cited a 2020 research paper – "Measuring Identity Confusion with Uniform Resource Locators" – to make their case. Of the nine who wrote the paper, two were from Google; the remaining were from the University of Illinois at Urbana-Champaign.)

To view the complete URL, the user simply moves the pointer atop the address bar and let it hover for a moment. At that time, Chrome reconstitutes the URL to its full form. Another way: Chrome will sport a new item in the right-click menu – "Always show full URLs" – that will set the address bar to show the whole URL for all sites.

Although Chrome 86 won't be available in the final ready-for-release form – Google calls that Stable – for months, users can put the test to, well, the test now. Using either the Canary or Dev builds (now at Chrome 86), users can enter chrome://flags in the address bar, then set these two items to Enabled and relaunch the browser:

#omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover
#omnibox-ui-sometimes-elide-to-registrable-domain

(In Computerworld's test, the macOS version of Chrome 86 Dev did not display the "Always show full URLs" item in the right-click menu.)

This won't be the first time that Google has monkeyed with the way the URL appears in Chrome's address bar. Two years ago, for instance, Google dropped the www and m prefixes, but after pushback, reversed course on the former.

Sponsored Ads:

Comments:


Fiber.jpg

'Massive' transatlantic data cable landed on beach in Bude

Category: Google|Sep 17, 2021 | Author: Admin
Discord.png

YouTube shuts down Discord music bot ‘Rythm’

Category: Google|Sep 16, 2021 | Author: Admin
Facebook.webp

Facebook's secret rules differentiate between the "elite" and most people

Category: General|Sep 15, 2021 | Author: Admin
Apple.webp

Apple suddenly had to crisis-update the iPhone and Mac

Category: Apple|Sep 14, 2021 | Author: Admin
Epic.webp

Epic is blocked forever on all Apple platforms

Category: Apple|Sep 13, 2021 | Author: Admin
Desktop-Screenshot.png

NVIDIA To Launch GeForce RTX 30 SUPER ‘Ampere Refresh’ In January 2022, GeForce RTX 40 ‘Ada Lovelace’ GPUs in October 2022

Category: General|Sep 12, 2021 | Author: Admin
chrome-os-secret-weapon-100856418-large.jpg

3 smart shortcuts for a curiously hidden Chrome OS command

Category: Google|Sep 11, 2021 | Author: Admin
sunset-gold-iphone-13-render.png

iPhone 13 unveiled in Ukraine

Category: Apple|Sep 10, 2021 | Author: Admin
iCloud.jpg

Apple brings iCloud passwords to Windows, Microsoft's Edge

Category: Apple|Sep 9, 2021 | Author: Admin
AI.webp

AI will determine if you are allowed to drive

Category: General|Sep 8, 2021 | Author: Admin
TPM.png

The game is now blocking unsupported Windows 11 machines

Category: IT|Sep 7, 2021 | Author: Admin
Tech.png

US court rejects patent applications from AIs

Category: General|Sep 6, 2021 | Author: Admin
black.png

Facebook apologizes: their AI tagged video of black men as 'Primates'

Category: General|Sep 5, 2021 | Author: Admin
Apple.png

Apple postpones abuse monitoring after massive criticism

Category: Apple|Sep 4, 2021 | Author: Admin
Microsoft.png

If you do not have a supported machine, you will be thrown out of the Windows 11 testing

Category: Microsoft|Sep 3, 2021 | Author: Admin
more