Chrome 86 will ‘simplify’ URLs to prevent phishing scams

by Kelvin
Chrome 86 will 'simplify' URLs to prevent phishing scams

Google announced on Wednesday (12) that it will test a new way to protect users from fake pages. Chrome 86 will only show domain names in the address bar instead of full URLs. Thus, the full link would only be displayed when the mouse cursor is over the bar, leaving the domain in evidence.

The company follows the path of other browsers, such as Safari. The browser of Apple shows only the domain in the address bar, while the URL is shown when the user clicks.

Naturally, Google allows the user to right-click on the URL and choose the option “Always show full URLs”.

  

Google hopes to protect users from phishing and social engineering attacks on malicious websites. “Our goal is to understand – through real-world usage – whether displaying URLs in this way helps users realize they are visiting a malicious website,” the company said in a statement.

With the most significant part of the link in evidence, the user can identify if they are accessing a fake page with a typo in the URL – such as “googIe.com” with a capital “i”.

Weapon against phishing

The news hits desktops, and Google hopes “the change will protect users from scams and phishing attacks using deceptive URLs.”

During the pandemic, security company Kaspersky identified that phishing attacks on mobile devices in Brazil grew by more than 4% in April. The company also revealed that it identified a 124% increase in widespread scams, especially via WhatsApp, using covid-19 as a motto.

Chrome 86 is expected to ship in a stable version until October. To use the feature now, you need to download the Canary or Dev version of your browser. Then, just go to the “chrome://flags” page and activate the following features (or ‘flags’):

  • #omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover
  • #omnibox-ui-sometimes-elide-to-registrable-domain
  • #omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction – this shows the full URL until the user interacts with the page