Chrome Blog
The latest news from the Google Chrome team
Understanding the omnibox for better security
Friday, October 22, 2010
National Cyber Security Awareness Month
is a good time to learn more about how you can use your browser’s security indicators to stay safe online. One of the most important security indicators in Google Chrome is the “
omnibox
,” the spot where you enter web addresses:
The first thing to notice about the omnibox is that Google Chrome highlights the domain name of the website that you’re viewing with a slightly darker color. The domain name indicates which website is being displayed by the browser in the current tab. For example, the domain name in the image above is “www.google.com”.
Before interacting with a website, check that the omnibox has highlighted the domain name you expect. If the domain name doesn’t match what you expect, the website might be spoofing the “look and feel” of another site as part of a
phishing attack
. Google Chrome has
built-in protection against phishing
, but checking the domain name yourself is a good security habit — especially when entering sensitive information, such as your password or credit card number.
When entering sensitive information, the second thing to notice about the omnibox is the lock icon, which is displayed to the left of the web site address and, in the case above, is colored green. The lock icon indicates that Google Chrome has established an encrypted connection that works like a tunnel between your computer and the domain name displayed in the omnibox. An
encrypted connection
helps prevent malicious parties from eavesdropping or tampering with the data sent between your computer and the website. Most websites will use an encrypted tunnel when asking for your password or credit card number to help prevent people using the same wireless network as you, for example at a coffee shop, from being able to eavesdrop on your sensitive information.
Some websites have an
“extended validation” certificate
that lets the browser determine the name of the organization that runs the web site. Notice the green box between the lock icon and the web address in the omnibox:
The extended validation indicator makes it easier for you to determine which organization is responsible for the displayed web page. For example, the extended validation indicator for
https://www.benefitaccess.com/
says “Citigroup Inc [US],” indicating that Citigroup is responsible for that web page – a fact which might have been difficult to determine without the indicator. You should be careful to share sensitive information with a website only if you trust the organization responsible for the site.
If you would like to learn more about the browser’s security indicators, you might enjoy reading our
Help Center article on Chrome’s indicators
. Until next time, safe surfing!
Posted by Adam Barth, Software Engineer
Labels
3d
53
accessibility
apps
chrome
Chrome Blog
chrome for a cause
chrome notebook
chrome os
chrome web store
chromebook
college basketball
cr-48
demo lab
demolab
extensions
Flash
google cloud print
googlenew
holidays
HTML5
instant
lab tech
mac
web apps
webgl
webrtc
Archive
2016
Sep
Aug
May
Apr
Mar
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feed
Google
on
Follow @googlechrome
Follow
All things Google Chrome
Download Chrome
Download Chrome for Mobile
Chromium Blog
Chromium homepage