Google to Run Experiment in Fight Against URL Spoofing in Chrome

Google announced on Wednesday that it’s preparing to run an experiment in Chrome 86 as part of its fight against URL spoofing.

Malicious actors often manipulate URLs as part of their phishing attacks, social engineering, and scams. Research conducted recently by Google and the University of Illinois at Urbana-Champaign showed that 60 percent of users were tricked when a URL path contained a misleading brand name.

In an effort to prevent URL spoofing, web browser vendors have started testing various methods, such as only displaying the registrable part of the domain — or highlighting it in the address bar — rather than displaying the full URL.

Google is also planning on experimenting with such features. Chrome 86, scheduled for release in October, will only show the domain name by default and the full URL when the user hovers over the address. Alternatively, users will be able to right-click on the URL and select the “Always show full URLs” if they don’t like the new feature.

Google taking measures against URL spoofing

It’s worth pointing out that random Chrome users will take part in the experiment and enterprise devices will not be included.

However, users who are not included in the experiment but still want to try it out and provide feedback can install the Canary or Dev versions of Chrome and enable certain flags in chrome://flags.

“Our goal is to understand — through real-world usage — whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks,” explained the Chrome Security Team.

Related: Zoom’s Vanity URLs Could Have Been Abused for Phishing Attacks

Related: Address Bar Spoofing Vulnerability Found in Several Browsers

Related: Google to Fix Address Spoofing Bug in Chrome

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published.