Google Chrome flirts with killing URLs

We're all used to lengthy web addresses, but an early Chrome feature suggests Google might try to do away with them.

Google has an interesting idea for upcoming versions of Chrome at could either make browsing safer or destroy the web as we know it. The latest build of Google's Chrome experimental Canary browser introduced a feature that does away with URLs, also known as the web addresses.

The new feature, called the Origin Chip, wasn't enabled by default in my tests. But you can turn it on by enabling the Chrome flag "chrome://flags/#origin-chip-in-omnibox" and setting it to enabled. Although this is very much an experimental feature, you can also enable the Origin Chip in the stable build of Chrome, too.

Bye, bye URL?

Once you enable the Origin Chip, Instead of seeing a full, long string of words, letters, and slashes in the address bar--such as ""--all you'll see is the root domain itself (such as You can see the change in the image at right.

In case you couldn't make it out, that longer string is the URL to direct you to Amazon's Appstore for Android. It also makes the case for killing the URL.

The problem with URLs is that they are lengthy, confusing, and often fail to make any obvious sense, as evidenced by that Amazon link. Arguably, it's much simpler for users just to see That way, you know what site you're on at a glance without having to sort through an extended line of meaningless numbers and letters.

The Origin Chip, if it becomes a regular feature, also has security implications. Phishing scams try to trick unsuspecting users by asking you to visit a site that looks like a common one, hiding behind a URL designed to trick you into thinking you're at the real deal. For example, a Paypal phishing site may have a site name such as

Some people would see the long URL and fail to notice that the site was not PayPal at all. Arguably, the new shortened URLs in Canary would help since it would be more obvious that you were visiting than itself.

That's assuming, however, that users will actually look at the site address even in its simplified form.

More search

Giving users easier tools to protect themselves against phishing isn't the only reason to simplify the URL: It could also encourage you spend more time doing Google searches.

For starters, to the right of the origin chip is the rest of the Omnibox where you are encouraged to either do another search in Google or enter a new URL.

Many people already get to their favorite sites by searching Google instead of just typing in the web address. It's possible that if the URL became less important, more users would simply use to find sites and specific pages they were looking for.

But Google is not perfect, and every now and then a simple Google search for something innocuous like can end with hilarious results. Or, worse, an innocent search for celebrities like Lily Collins could direct you to a malicious website.

The good news is that while the new feature would hide URLs if it becomes a default feature, advanced users can still find the full URL. All you have to do is click on the Origin Chip and Chrome will expose the complete web address.

Join the CSO newsletter!

Error: Please check your email address.

Tags Originamazon.comapplicationsGooglesecuritybrowserssoftwarechrome

More about Amazon.comAmazon Web ServicesFacebookGoogleOriginPayPal

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place