Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Compact web page navigation dangers on Chrome and Firefox

The feature, which essentially hides the URL bar, browser navigation and search window on the two browsers, removes the graphical aspects at the top of the internet user's screen, so increasing the real estate viewable by the user.

According to the H Online newswire, the feature is enabled within Firefox using an add-on called - ironically enough - LessChrome HD, potentially causing problems.

"Once hidden from view, users can no longer see if they are browsing an SSL-encrypted web page or verify that the security certificate of the site they have visited is valid", says the newswire.

And, notes the newswire, whilst users can hover over the tabs to display this information, it's unlikely that most will do so on every page they visit. "As such, victims may not realise when they are visiting a phishing site", it notes.

The major problem, the German IT newswire goes on to say, is that important information such as Secure Sockets Layer (SSL) status and data on the site's security certificate are also hidden from view.

PC World's Daniel Onescu, meanwhile, points out that the version of Google Chrome being developed with a compact web page navigation feature is aimed at netbook and tablet computer users.

Whilst this has the advantage of giving these users bot more space to display website content, the drawback is something of a trade-off since it "can be dangerous when users don't see the URL of a page - making [users] easier targets of phishing attacks."

Phil Lieberman, president of Lieberman Software, the privileged identity management firm, says there is a real risk with compact Web page navigation.

There really needs to be more thought that goes into this navigation strategy, he said, adding that there is a danger that hackers will subvert the code of the add-in, perhaps by using a poisoned software update strategy.

Lieberman noted that there are lessons that can be learned from smartphone web browsers such as Safari on the Apple iPhone and iPad, which display the URL details and search engine element at the top of the user's screens at all times.

If the user wants to see more of the page, he says, they can zoom in or out of the page to get a better overview of the site in question. The same facility exists on most tablet computers.

 

What’s Hot on Infosecurity Magazine?