Chrome's stripping of trivial domain parts is broken

Discussion in '0-day Release' started by RGiskardR, Sep 13, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    [​IMG]
    Google Chrome 69 landed recently and with it came a change that hides information in the browser's address bar on the desktop.

    Chrome 68 and earlier displayed the full web address all the time in the address bar but that is no longer the case in Chrome 69 as Google implemented two changes of which one has far reaching consequences.

    The first change removed the scheme from the URL. Chrome does not display https:// or http:// anymore in the address bar.

    More problematic than the removal of the scheme is the removal of what Google calls trivial parts of the domain.

    If you load www.example.com and example.com (without the www), Chrome displays example.com as the URL even if the two sites are not identical. While www.example.com and example.com often point to the same domain, one redirects to the other, it is not always the case.

    Things get even more problematic for sites that use a structure like test.www.example.com as they will show up as test.example.com in the Chrome address bar when opened.

    Full reading: https://www.ghacks.net/2018/09/07/chromes-stripping-of-trivial-domain-parts-is-broken/
     
  2. Google Adsense

Share This Page