Skip to main content

Chrome Canary’s anti-phishing beta feature fails its flight test, security company says

chrome canarys anti phishing beta feature fails to work as intended google
Image used with permission by copyright holder

If you spend a considerable amount of time on the Web, then you likely already know that phishing is a fact of life. Google knows this too, so in an effort to help people sidestep such dangers, it has been working on a feature called Origin Chip. 

However, Web security firm PhishMe says that while Origin Chip is designed to strip out a URL down to its bare essentials to make it easier to determine whether you’re the target of a phishing attempt, it sometimes does the opposite.

“We’ve discovered that if a URL is long enough, Canary will not display any domain or URL at all, instead showing an empty text box with the ghost text Search Google or type URL,” Aaron Higbee and Shyaam Sundhar of PhishMe said. “This creates a golden opportunity for attackers to carry out data-entry phishing attacks.”

Instead of displaying, for instance, or, a flaw in Origin Chip could shroud the entire URL altogether, which makes it impossible for you to determine whether you’re on a legitimate site or not just by looking at the URL in your browser’s address bar. Google has incorporated the feature into Chrome Canary, a version of the tech giant’s web browser that’s geared towards developers. 

Higbee and Sundhar suggest that “a potential solution would be to keep the entire URL intact, but put a visual focus on the root domain.” Perhaps color-coding the root domain with hues like green for “safe” and red for “unsafe” could go a long way towards decreasing the likelihood that an average user falls victim to a phishing attempt.

With that in mind, it’ll be interesting to see how Google will tackle this problem in future releases of Chrome.

What do you think? Sound off in the comments below.

Editors' Recommendations

Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Update Google Chrome now to protect yourself from an urgent security bug
Google Chrome app on s8 screen.

Google posted a security update for its Chrome browser that fixes what's known as a zero-day bug. The problem affects Chrome on Windows, Mac, and Android. The flaw can lead to arbitrary code execution, a serious security vulnerability, so it's best to download and install the latest version immediately. Zero-day bugs mean that this is a known weakness and, in this case, Google said that the flaw is already being exploited by hackers.

Google did not post a detailed explanation of how the exploit works, but will do so when the majority of people have updated, making the danger of further attacks less severe. The most severe bug is identified as CVE-2022-2294 and the update also patches CVE-2022-2295 and CVE-2022-2296.

Read more
Google says Chrome is now 20% faster on Macs
A MacBook with Google Chrome loaded.

If you feel like Google Chrome is running faster on your Mac, then you're not mistaken. Google recently shared some new statistics behind the web browser, and is claiming that Chrome is now 20% faster on Macs based on the Speedometer benchmark testing.

According to Google's data, Chrome on Mac hit over 360 on Speedometer testing. That comes just three months after the browser became the highest scoring browser on Speedometer, ever with a score of 300. For reference, Goggle tested Chrome on the M1 Max MacBook Pro running macOS 12.3.1, with Chrome version 104.0.5102.0. The browser was the ARM64 native optimized version. The below graph shows the differences between older and newer Chrome versions in scoring, where higher scores are better.

Read more
Microsoft Edge’s free VPN may become its must-have feature
Person surfing the Internet with Microsoft Edge browser.

Can a free VPN service that's built into a browser lure you away from Google's popular Chrome? Microsoft hopes so, as the company is starting to roll out an experimental VPN service to its Edge browser called the Microsoft Edge Secure Network Service that's designed around privacy and security.

Unlike popular VPN services that protect all traffic from your smartphone, tablet, or laptop, Microsoft's Edge Secure Network Service only safeguards traffic originating from the company's Microsoft Edge browser, which originally debuted with Windows 10.

Read more