A big change in Chrome 69 can put you at risk

A big change in Chrome 69 can put you at risk

Can you believe that Google Chrome is 10 years old? In that span of time, it quickly rose to become the most popular web browser in the world, currently grabbing more than 60 percent of the browser market. Imagine that!

Chrome’s browser market share is so huge, its competitors Safari, Firefox, Microsoft’s Edge and Internet Explorer, and Opera are not even close.

To celebrate Chrome’s 10th birthday, Google just released version 69 for desktops, Android and iOS. This update introduces a bunch of new features including rounded tabs, a brand new menu bar and other subtle cosmetic changes based on the Material Design 2 aesthetic.

Chrome 69 also comes with an overhauled password and autofill management system and a variety of under-the-hood tweaks that aim to improve security and speed up the browsing experience.

Although most of the changes are welcome, there’s one subtle tweak that has many concerned Chrome users up in arms.

Big change in Chrome’s address bar

Here’s one change in Chrome 69 that you need to be aware of. Its address bar is now hiding the “www” and “m” subdomains from all the websites you visit.

For instance, our website “www.komando.com” will only appear as “komando.com” in Chrome’s address bar from now on.

Google’s motive behind this change is understandable. The tech giant stated that it wants to make web addresses and URLs much simpler and easier to understand for everyone.

However, security researchers are concerned that this change might confuse users even further and leave them open to phishing attacks.

With these so-called “trivial” subdomains stripped off Chrome’s address bar, two completely different sites will now appear the same.

For example, the website “m.tumblr.com”, which is not affiliated with the official Tumblr site (www.tumblr.com) whatsoever, will be displayed as “tumblr.com” in Chrome 69’s address bar too.

A website like “www.pool.ntp.org” will show up exactly the same as “pool.ntp.org,” which is a random NTP server.

Other bugs may be caused by the improper stripping of the “www” and “m” on some web addresses, which can result in wrong URLs. For example, a website address with a format like “www.name.www.name.com” will be shortened to “name.name.com” which can obviously cause navigation errors.

How to restore the “www” and “m” subdomains in Google Chrome 69

Based on the security risks and confusion that this new Google Chrome address bar tweak may cause, we advise that you turn off this feature for now. Here’s how:

1. Open your Chrome browser then copy and paste this on your address bar:

chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains

2. Press Enter.

3. Your Chrome browser will now show a page displaying the “Omnibox UI Hide Steady-State URL Scheme and Trivial Subdomains” setting.

4. On its drop-down box, change its setting to “Disabled.”

5. Chrome will prompt you to relaunch the browser for the change to take effect. Click on the “Relaunch Now” button to restart Chrome.

6. Once you restart, full web addresses with “www” and “m” will be displayed once again.

I hope this helps you out!

Tags: Android, Google, Google Chrome, internet, phishing, security, web browser