[Njtechdiv] Google Chrome 69 causes potential risk

Tue Sep 11 16:33:42 UTC 2018

A big change in Chrome 69 can put you at risk
https://www.komando.com/happening-now/486524/a-big-change-in-chrome-69-can-put-you-at-risk?utm_medium=nlutm_source=notdutm_content=2018-09-10-a-b

By Francis Navarro

Can you believe that Google Chrome is 10 years old? In that span of 
time, it quickly rose to become the most popular web browser in the 
world, currently grabbing more than 60 percent of the browser market. 
Imagine that!

Chrome's browser market share is so huge, its competitors Safari, 
Firefox, Microsoft's Edge and Internet Explorer, and Opera are not even 
close.

To celebrate Chrome's 10th birthday, Google just released version 69 for 
desktops, Android and iOS. This update introduces a bunch of new 
features including rounded tabs, a brand new menu bar and other subtle 
cosmetic changes based on the Material Design 2 aesthetic.

Chrome 69 also comes with an overhauled password and autofill management 
system and a variety of under-the-hood tweaks that aim to improve 
security and speed up the browsing experience.

Although most of the changes are welcome, there's one subtle tweak that 
has many concerned Chrome users up in arms.

Big change in Chrome's address bar

Here's one change in Chrome 69 that you need to be aware of. Its address 
bar is now hiding the "www" and "m" subdomains from all the websites you 
visit.

For instance, our website "www.komando.com" will only appear as 
"komando.com" in Chrome's address bar from now on.

Google's motive behind this change is understandable. The tech giant 
stated that it wants to make web addresses and URLs much simpler and 
easier to understand for everyone.

However, security researchers are concerned that this change might 
confuse users even further and leave them open to phishing attacks.

With these so-called "trivial" subdomains stripped off Chrome's address 
bar, two completely different sites will now appear the same.

For example, the website "m.tumblr.com", which is not affiliated with 
the official Tumblr site (www.tumblr.com) whatsoever, will be displayed 
as "tumblr.com" in Chrome 69's address bar too.

A website like "www.pool.ntp.org" will show up exactly the same as 
"pool.ntp.org," which is a random NTP server.

Other bugs may be caused by the improper stripping of the "www" and "m" 
on some web addresses, which can result in wrong URLs. For example, 
a website address with a format like "www.name.www.name.com" will be 
shortened to "name.name.com" which can obviously cause navigation errors.

How to restore the "www" and "m" subdomains in Google Chrome 69

Based on the security risks and confusion that this new Google Chrome 
address bar tweak may cause, we advise that you turn off this feature 
for now. Here's how:

1. Open your Chrome browser then copy and paste this on your address bar:

chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains

2. Press Enter.

3. Your Chrome browser will now show a page displaying the "Omnibox UI 
Hide Steady-State URL Scheme and Trivial Subdomains" setting.

4. On its drop-down box, change its setting to "Disabled."

5. Chrome will prompt you to relaunch the browser for the change to take 
effect. Click on the "Relaunch Now" button to restart Chrome.

6. Once you restart, full web addresses with "www" and "m" will be 
displayed once again.
I don't know if this will remain disabled when Chrome automatically 
updates past version 69.