Google to test url spoofing defence in upcoming chrome
Malicious actors often manipulate URLs as part of their phishing attacks, social engineering, and scams.
In an effort to prevent URL spoofing, web browser vendors have started testing various methods, such as only displaying the registrable part of the domain — or highlighting it in the address bar — rather than displaying the full URL.
Google is planning on experimenting with such features. Chrome 86, scheduled for release in October, will only show the domain name by default and the full URL when the user hovers over the address. Alternatively, users will be able to right-click on the URL and select the “Always show full URLs” if they don’t like the new feature.
It’s worth pointing out that random Chrome users will take part in the experiment and enterprise devices will not be included.
However, users who are not included in the experiment but still want to try it out and provide feedback can install the Canary or Dev versions of Chrome and enable certain flags in chrome://flags.
“Goal is to understand — through real-world usage — whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks,” explained the Chrome Security Team.