Does Chrome’s Showing Full URL Setting Make You More Secure?

Google Chrome Extension Steals

Engineers at the Google Chromium project are working on a new setting to show the full URL of the website in the browser’s address bar, according to the needs of certain users. This feature is currently only available in the experimental version of Chrome 83 Canary, which has a new address bar context menu that lets users choose “Always show full URL.” Then, Chrome ’s address bar will always show website addresses with “https” and “www”. The new setting is not the same as Google’s decision to remove www from Chrome 70 in 2018, but it does provide options for advanced users to keep the Chrome browser from hiding these details. Google decided to hide the details because it considers www as a “trivial subdomain”.

Previously, Chrome 76 streamlined the URL display style of the address bar and automatically hidden “HTTPS / WWW”. Nevertheless, the new “flag” button can bring back the full display URL feature shortly. Currently, the full URL is not displayed in the Chrome address bar. To view or copy the full URL, you need to click the address bar twice. The incomplete URL is selected for the first time and the full URL is displayed for the second time. Few developers have complained about it for a long time and currently rely on third-party extensions to solve the problem. Google decided to “make URLs easier to read and understand, and eliminate interference with registrable domains”. A new flag was submitted in Chromium Gerrit, which can be downloaded at chrome: // flags # context-menu-show-full-urls in the future. The settings are turned on, and the full URL will be displayed in the Chrome browser address bar.

However, Google notes there may be a negative impact on users’ security decision-making by showing the full URL and claims that: “Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage. However, this risk is mitigated in that we expect that the users who opt into this setting are power users who understand URLs (and in such cases, potentially improve security).”

LIFARS’ interactive training modules deliver stimulating and engaging learning experiences to your employees, equipping them with the tools and resources they need to be successful active participants in the cybersecurity process. We provide highly focused skill training and practical experience to address the cyber workforce security needs for your organization. Our program is a flexible curriculum in scope, length, and content to suit the particular needs of our clients. Training can be administered in half-day, full-day, or multiple-day training sessions; online or on-premises sessions. We specialize in the following areas:

  • Incident Response Training
  • Technical Training
  • User Awareness Training
  • Executive Training
  • Other additional cybersecurity training options upon your request

The training curriculum is designed solemnly on the needs of our clients. Creating a more wholesome and qualitative experience. We include real-world examples and provide use cases and practical hands-on exercises to our program attendants to create a more intuitive experience for trainees to master the topic.



Contact LIFARS Immediately For

Custom Cyber Awareness & Training