Skip to main content

Google Chrome will test whether only showing a page’s domain better protects users

Avatar for Abner Li  | Aug 12 2020 - 11:38 am PT
0 Comments

URLs can be manipulated to make people think they’re visiting a legitimate site. Google has long wanted to solve this problem, and Chrome in version 86 will test just showing the domain in the address bar.

Google’s issue comes down to how “URLs remain the primary way users determine the identity and authenticity of a site.” This is despite the fact that people’s perception of them can be easily manipulated by including the legitimate domain as part of a very long address that just gets skimmed over.

For example, there are myriad ways that attackers can manipulate URLs to confuse users about a website’s identity, which leads to rampant phishing, social engineering, and scams. In one study, more than 60% of users were fooled when a misleading brand name appeared in a URL’s path.

Chrome 86, which is entering the beta channel this September and launches in stable a month later, will “experiment with how URLs are shown in the address bar on desktop platforms.” Mobile platforms are excluded, though Safari already has a similar implementation.

Our goal is to understand — through real-world usage — whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks.

The Google browser will just show the domain name in the address bar. For example, when visiting:

https://en.wikipedia.org/wiki/Google

Users will only see:

en.wikipedia.org

Hovering over the address bar will reveal the full URL. Those randomly selected to be in the experiment can turn it off by right-clicking in the Omnibar and selecting “Always show full URLs.”

Enterprise users will not be included in this experiment. Anyone can test this domain-only address bar in Chrome Canary or Dev (86) today by enabling the following flags:

  • #omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover
  • #omnibox-ui-sometimes-elide-to-registrable-domain
  • Optionally, #omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction to show the full URL on page load until you interact with the page.
Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Guides

Google Chrome

Google Chrome

Available for Windows, Mac, and Linux, Google C…

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications