Google Chrome 86 Browser Adds New Feature To Help Users Spot Spoofed URLs
Web users rely on the URL as their primary method to determine if a website is authentic, but Google admits that URLs have usability challenges. There are a number of ways attackers can manipulate URLs to confuse users about the authenticity of a website. Users being tricked by spoofed URLs can lead to phishing, social engineering, and other scams.
Google points to a study its researchers conducted that found over 60% of web users were fooled when a misleading brand name was placed in a URL path. Browsers attempt to approach handling spoofed URLs via various methods, and in Chrome 86, the search giant plans to experiment with how URLs are shown in the address bar on desktop platforms. The method that Chrome 86 will use will show the website name in the bar by default, and if the user hovers over the bar, the full URL will be shown.
Users who prefer to see the full URL by default will be able to right-click on the URL, and choose "Always show full URLs" from the context menu that opens. Google does point out that enterprise-enrolled devices won't be included in the Chrome 86 URL experiment. Users of Chrome 86 will be randomly assigned to the URL experiment. Chrome Canary or Dev channel installs can activate the feature by enabling the following flags:
- Optionally, #omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction to show the full URL on page load until you interact with the page.