Menu
Antiphishing feature fails in beta Chrome browser, security company says

Antiphishing feature fails in beta Chrome browser, security company says

Google's "Origin Chip" feature doesn't display long URLs, undermining its antiphishing intentions

URLs over 98 characters aren't displayed at all when an antiphishing feature called "Origin Chip" is enabled in an experimental version of Google Chrome, a security company found.

URLs over 98 characters aren't displayed at all when an antiphishing feature called "Origin Chip" is enabled in an experimental version of Google Chrome, a security company found.

An experimental feature in test versions of Google's Chrome browser that is intended to provide greater protection against phishing can, in some cases, do the opposite, according to a security company.

The "Origin Chip" feature shows the root domain of a website which in theory makes it easier for users to spot if they are going to "paypal.com" or "paypalripoff.com" without the distraction of the rest of the URL describing the exact location of the web page.

Origin Chip is a beta feature in "Chrome Canary," a browser intended for developers and early adopters that has features under consideration for future release. It moves the full domain out of the "Omnibox," used for search and to one side of the browser. The feature can be turned on in "chrome://flags/," a menu of experimental features, in Chrome Canary Version 36.0.1975.0.

PhishMe, which runs antiphishing training programs, found that if a URL is long enough, Canary doesn't display the domain at all. Instead, it displays a blank Omnibox with ghost text.

"While Canary is intended to help the user identify a link's true destination, it will actually make it impossible for even the savviest users to evaluate the authenticity of a URL," wrote Aaron Higbee and Shyaam Sundhar of PhishMe.

Google warns that Chrome Canary is bleeding edge and can break down completely.

Higbee and Sundhar entered longer and longer domain and subdomain combinations to see how Origin Chip would perform. URLs exceeding 98 characters were not shown by Origin Chip, they wrote.

Origin Chip's reaction to long URLs was also dependent on the size of the browser, they found. Smaller browser windows caused Origin Chip to stop displaying URLs shorter than 98 characters.

The behavior means "that even security savvy users who have been trained to recognize malicious URLs will be at risk," Higbee and Sundhar wrote.

One solution may be to keep the whole URL intact and put a visual focus on the root domain, they wrote. "Merely extending the length of the URLs it will display isn't a solution, because attackers will just make URLs as long as they need to be to avoid being displayed."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags browsersGooglesoftwareapplications

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments