HackDig : Dig high-quality web security articles for hackers

Chrome may bring back ‘www’ with option to show full URLs

2020-03-30 10:29

Enough people must have griped about the loss of “www” and “https” in Chrome’s address bar to make Google rethink it: Chromium developers are testing a new Omnibox context menu that would give users the option to “Always Show Full URLs.”

You can see what the final rendition of the “Show Full URLs” menu might look like here.

Google’s doing this a bit grudgingly: it still thinks that showing what it’s called the “trivial subdomain” will distract users making security assessments.

The feature is currently available only in the experimental Chrome 83 Canary build. After users select the option in Chrome’s address bar – what Google likes to call the “Omnibox” – it will stay there permanently, always showing full web addresses, replete with their “https” and “www”.

On 17 March, Chromium developers outlined the plan for users to opt-out of URL snippage in a post on the bug tracker titled “Implement Omnibox context menu option to always show full URLs”.

The post’s author, Chromium software engineer Livvie Lin, had this to say in a design document:

The Omnibox context menu should provide an option that will prevent URL elisions for the entire Chrome profile.

We’re not sure that this won’t do more harm than good, Lin said:

Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage.

…but the risk is mitigated by the fact that Google expects that users who opt-in to the setting are “power users who understand URLs (and in such cases, potentially improve security),” Lin said.

Lin said that this will be for desktop only. It will apply across all desktop sessions (including Incognito sessions) on all devices, as it applies to Chrome profiles.

Google removed the “www” from Chrome 70 in 2018. The new setting doesn’t reverse that decision, in spite of it having been a controversial move that some said would actually make it easier for crooks to fool us with fake websites.

The feature is still experimental in Chrome 83. It can be enabled in that version by typing in chrome://flags/ and setting Context menu show full URLs.

It will be a quick way to permanently stop Chrome from making what it refers to as elisions in the Omnibox – if, in fact, the feature makes its way to the final Chrome 83 release.


Latest Naked Security podcast

LISTEN NOW

Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.


Source: /slru-lluf-wohs-ot-noitpo-htiw-www-kcab-gnirb-yam-emorhc/03/30/0202/moc.sohpos.ytirucesdekan

“Chrome may bring back ‘www’ with option to show full URLs”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud