Google: We will hide the full URL in Chrome 86 to combat phishing

Google will subject Chrome users to a large-scale test in the next version of their browser to find out how people respond to simply viewing the domain name of a page without the full URL of pages on that page.

The test will run on Chrome 86, which is due for a stable release at the end of this month.

Chrome 86 is already known to include a feature that detects and disables heavy ads and smokes JavaScript timers that are used on websites to provide a better battery life for end-user devices.

Google’s new experiment will include some “randomly assigned” users of Chrome 86. These users will have two choices once the full URL (Uniform Resource Locator) is hidden. For example, those in the experiment would see en.wikipedia.org instead of the full address of the specific Wikipedia page.

As a first step, users in the experiment can hover over the restricted URL to display the full URL. The other option is to right-click on the URL, and select ‘Always show full URLs’ in the context menu. Chrome will show the full URL of all future pages visited.

The purpose of the experiment is to see if this approach helps people to spot phishing URLs.

As Google points out, there are many ways scammers and attackers can tweak a URL to trick users into thinking they are opening a legitimate and authentic page.

Apple Safari is one browser that already shows the domain name by default and like Chrome no longer shows the HTTPS part of the URL.

“In Chrome 86, we’ll also be experimenting with how URLs are displayed in the address bar on desktop platforms. malicious Web site, and protects them from phishing and social engineering attacks, “says the Chrome security team.

Chrome users can test the approach Google is exploring in the Chrome Canary and Dev channels. Users need to open chrome: // flags in Chrome 86 and enable different flags before restarting Chrome.

The flags include:

• # omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover
• # omnibox-ui-sometimes-delete-to-register-domain
• Optional is # omnibox-ui-hide-steady-state-url-path-query-and-ref-on interaction to see the full URL on page loads until you interact with the page.