- Change in Google Chrome Browser: Some early versions of Google's Chrome browser have a change that makes it harder for end users to tell when they are visiting a malicious site. The change affects a small fraction of people running version 36 of Chrome (Canary), causing the browser's address bar (Omnibox) to no longer display the current URL. Instead, the domain name and subdomains are shown in the Origin Chip.
- Developer's Thoughts: Jake Archibald, a Google Chrome developer advocate, gave his personal thoughts on the change, but no definitive explanation was provided. The change is likely designed to keep up with similar features in other browsers like Internet Explorer, Firefox, and Safari.
- PhishMe's Testing: Researchers at PhishMe tested the trial interface and found that by loading long strings of characters into the address, they could completely suppress the domain name and other address parameters in both the Omnibox and Origin Chip. This could make it easier for attackers to fool end users.
- Blog Post and Criticism: PhishMe analysts Aaron Higbee and Shyaam Sundhar wrote a blog post on Tuesday [http://phishme.com/abusing-go...] calling on Google developers to tweak the change. A week earlier, other bloggers [http://www.allenpike.com/2014...] bemoaned the change, saying it made the Web less usable. The fact that the change can actually diminish end-user security makes it harder to justify making it permanent.
- Browser Window Size Effect: The PhishMe testing showed that the URL lengths required to hide the domain name vary depending on the current window size of the browser. At default size, URLs with 99 or more characters trigger the bug. Reducing the window size also reduces the number of characters needed to hide the address.
- Caution about Chrome Canary: People should not use the extremely unstable Chrome Canary browser versions in mission-critical environments where security is important. However, the PhishMe results provide a strong case for Google developers to rework this feature before making it available for mainstream use.
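
One way a display routine can shorten a long URL without ever dropping the domain, which is the failure PhishMe observed. This is an added sketch, not Chrome's code or PhishMe's; the function names and the character budget are hypothetical, and only the 99-character figure comes from the PhishMe test.

```javascript
// Added example; names and the budget parameter are hypothetical.
const TRIGGER_LENGTH = 99; // URL length PhishMe reported at default window size
const ELLIPSIS = "...";

// If the host alone exceeds the budget, drop whole labels from the left:
// the registrable domain is at the right-hand end and must stay visible.
function elideHost(host, budget) {
  if (host.length <= budget) return host;
  const labels = host.split(".");
  let kept = labels.pop();
  while (labels.length > 0) {
    const next = labels[labels.length - 1];
    if (ELLIPSIS.length + next.length + 1 + kept.length > budget) break;
    kept = labels.pop() + "." + kept;
  }
  return ELLIPSIS + kept;
}

// Fit a URL into `budget` characters by cutting the path, never the host.
function displayUrl(raw, budget) {
  const u = new URL(raw); // throws on input that is not an absolute URL
  const host = elideHost(u.host, budget);
  const rest = u.pathname + u.search + u.hash;
  const room = budget - host.length;
  let tail = "";
  if (rest !== "/") {
    if (rest.length <= room) tail = rest;
    else if (room > ELLIPSIS.length) tail = rest.slice(0, room - ELLIPSIS.length) + ELLIPSIS;
  }
  return {
    text: host + tail,
    hostComplete: host === u.host,
    atTriggerLength: raw.length >= TRIGGER_LENGTH,
  };
}

// Constructed sample inputs (not taken from the PhishMe post).
const samples = [
  "https://example.com/login",
  "https://login.example.com/" + "a".repeat(120),
  "https://" + "a".repeat(60) + ".accounts.example.com/",
];
for (const s of samples) console.log(displayUrl(s, 40));
```

Because the page notes that the triggering length shrinks with the window, the budget is a parameter here rather than a fixed width.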