Canary, Google's experimental version of its Chrome browser, could have a serious flaw. The latest version of a new feature called Origin Chip removes parts of the URL, or Web address, when the Web page relies on a very long URL. The feature focuses on giving users tools to protect themselves against phishing. It appears to make the URL less important.
The Origin Chip would replace a full URL describing the page's location on the Web in the bar with a condensed version that just shows the Web site's main domain. PhishMe discovered what it refers to as a security vulnerability in the feature. The company's chief technology officer, Aaron Higbee, told MediaPost the feature will reduce URLs so users will not have the option to read and verify the Web site's origin, putting consumers at risk for phishing attacks.
Consumers have been trained to look at the URL at the top of the page to verify the site's authenticity. "If someone's going to the PayPal site to make a payment at least the main domain name is highlighted, but we wanted to know how this would affect the really long URLs," Higbee said. "We were shocked that a really long URL made the entire host name disappear. We thought surely this would be one of the first things their quality testers would try."
PhishMe ran tests. In the first one, it used a URL that fits into the space provided for Origin Chip, with the domain and sub-domain combined to make a URL between 30 and 40 characters long. This displayed as Canary intended. The third scenario tested a URL exceeding 100 characters, which made the URL disappear.
There are several reasons that a site might have a long URL. Doc Sheldon, founder of Intrinsic Value SEO, said that aside from a layered navigation on the site, a poorly crafted title can add length, along with category and tag archives.
There's no reason to think Google will not fix the flaw, but a shorter URL could put consumers in jeopardy. The question then becomes: would it make consumers change their online buying behavior and make them less likely to shop online at retailers they know little about? "I think an argument could be made that it should make people less willing to shop online, but I doubt that it will have any major effect," Sheldon said.