Google has come up with a new idea that is supposed to make Web browsing much safer via Google Chrome.
Chrome Canary is an experimental version of Google Chrome aimed at developers. According to reports, Canary got an update a couple of days ago that hides long URLs of Web sites from the address bar. This new feature is dubbed by Google as "Origin Chip."
Mechanism Behind Hiding URL
Upon enabling the Origin Chip feature, users will not see the long letters, characters, hyphens and slashes in the address bar, but only the root domain of the Web site is displayed to the user. This feature makes the address bar look uncluttered and more authentic. This feature might remind users of the mobile version of Safari. But this is the first time Google has tried hiding URLs in the address bar.
Apparently, users welcomed this move of Google because the long set of characters, numbers and special characters following the root domain name hardly made any sense to nontechnical users. The technical users are not very impressed with the search giant's move.
According to PhishMe, a Web security firm, hackers will take advantage of this feature to make phishing attacks. Aaron Higbee and Shyaam Sundhar from PhishMe said, "If a URL is long enough, Google's Chrome Canary will not display any domain or URL at all, instead it shows an empty text box with the text 'Search Google or type URL'. This creates a golden opportunity for attackers to carry out data-entry phishing attacks."
Hiding the full URL makes it even harder to distinguish between legitimate and phony Web site. The testing made by the PhishMe duo involved URLs with 30 to 40 characters in length, and 60 to 70 characters in length. In this case, the origin chip feature let the domain name intact, but it removed the rest of the appended alphanumerical texts from the URL. But when they tested a URL with 110 to 120 characters' length, the origin chip feature did not show even the domain name. Instead, it showed an empty box saying "Search Google or type URL," according to CNet.
"In case, the character length goes beyond 98 characters, the Origin Chip will not display any URL," the PhishMe duo quoted. When CNet requested Google to comment on this vulnerability, a Google spokesman described the origin chip feature as "an experiment."
Enabling the New Feature
To try this new feature, users need to enable "Origin Chip" in the address bar. Type the following to enable this feature: "chrome://flags/#origin-chip-in-omnibox" in the Canary "address bar" (also known as Omnibox).
Interested readers can check out the browser by clicking here.