Chrome to warn users about lookalike URLs

Martin Brinkmann
Jan 31, 2019
Google Chrome

Google Chrome may soon warn users when they visit what Google calls lookalike URLs. Lookalike URLs is a loose term that describes site addresses that look very similar to the domain of an authoritative or popular site.

Google does not seem to distinguish between purpose when it comes to the definition of lookalike URLs; the Google Chrome feature displayed warnings or different types of URLs, e.g. URLs that were not registered but still look similar to popular URLs, but also when visiting URLs that are registered and load sites when accessed.

Phishing attacks, a common form of threats on the Internet designed to steal account credentials and other important data, use lookalike domain names often to make the attack -- posing as a different site -- more effective.

Chrome: Navigation suggestions for lookalike URLs

chrome lookalike

Chrome's algorithm determines whether URLs are potential lookalike URLs. The web browser displays a "did you mean to go to [URL]" notification at the top of the page if the algorithm determined that the visited URL is likely not the intended target of the user.

Isn't that what Chrome's phishing protection aims to do? Yes, and no. Phishing protection protects users against reported phishing sites while the new security feature against sites that are potentially dangerous.

The security feature is hidden behind a flag currently. The flag is available in all versions of Chrome that Google supports but it works only in Canary versions of the browser (maybe Dev as well, not tested).

google chrome navigation suggestions lookalike urls

Here is what you need to do to enable it:

  1. Load chrome://flags/#enable-lookalike-url-navigation-suggestions in the browser's address bar.
  2. Switch the status of the flag to Enabled (from default).
  3. Restart the Chrome web browser.

Chrome will display the "did you mean to go to" notifications when you visit a lookalike URL after the restart. Note that the browser does not catch all lookalike URLs but only select ones. Google is probably still working on the determination algorithm as it is not always clear why one URL is detected as a lookalike while another, very similar URL, is not.

Closing Words

The feature is experimental at the time of writing which means that Google may change it or remove it entirely in the future.The highlighting of lookalike URLs is mostly useful to inexperienced users in my opinion. It could prevent them from entering credentials and other important information on sites, and to interact with these lookalike sites provided that they act and don't ignore the message.

Now You: Is the lookalike URL warning a good thing?

Chrome to warn users about lookalike URLs
Article Name
Chrome to warn users about lookalike URLs
Google Chrome may soon warn users when they visit what Google calls lookalike URLs that look similar to URLs of popular sites and services.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Clairvaux said on February 1, 2019 at 10:51 pm

    That’s a very good security feature if it works correctly.

    Hard to spot fake URLs (combined with some clever social engineering) are one of the most dangerous phishing avenues.

  2. Anonymous said on February 1, 2019 at 12:58 pm

    I used

    It was fascinating. On my tablet, which only I use, there are many websites which I have never visited. None of them look as though they are malicious, they are just ones that are obviously about topics in which I have no interest. Can anyone explain this? Also, over what period of time does this default to?

    1. user17843 said on February 1, 2019 at 2:29 pm

      The data is cleared with browsing history.

      All of those domains you see have definitely been actively visited with the browser.

      What this Chrome feature does is locally comparing the urls you put into your browser with the ones you visited.

  3. JLopez said on February 1, 2019 at 3:28 am

    ‘Chrome’s algorithm determines whether URLs are potential lookalike URLs…’

    Where is the source of data used by this Google algorithm?
    Are the URL’s ever sent to Google servers (like they are for ‘safe browsing’?)

    Should the user connect to the unintended website then AFTERWORDS Google questions? (backwards)

    Why not just use Google’s DNS lookup who already stores are URLs? (redundant)

    When I’m unsure of a URL I ask Startpage or DuckDuckGo. They do the similar correction BEFORE me taking the risk going somewhere unintended. Notice many search engines embed the query in the URL (which Google can then store.)

    Why not just ask trusty Facebook? /s

    1. user17843 said on February 1, 2019 at 10:14 am

      Safe Browsing does not send urls, except there’s a positive find.

  4. 11r20 said on January 31, 2019 at 8:21 pm

    Use both Pi-Hole & FF 51 or older where
    the old legacy uBlock-Original still accepts many many serious blacklists that block all look-alike URL’s

    Block all known e100 google networks at the firewall level and use software like an older version of NetLimiter that does not use google to look up Ip’s and URL connection history…I’m using 40.39 with the dark grey skin to enjoy my labor…I’ve also blocked all known ‘hwcdn’ and ‘mcast’ network IP’s as well

    Am running extremely fast and quiet using a minimal amount of data on a 50 mile ship to shore repeater

  5. Yuliya said on January 31, 2019 at 7:23 pm

    Such funtionality should have a clear UI toggle, or be included in some option, like safe browsing one, since it clearly involves sending yout history to someone (Google?).

    1. supergirl said on February 1, 2019 at 10:22 am

      I agree with Yuliya.
      Tho Finally the average Schlub can get a benefit from Google’s spying.

    2. user17843 said on January 31, 2019 at 11:22 pm

      It appears to be local.

      Go to chrome://site-engagement/, there you see your most visited sites. Those sites get an engagement score.

      The lokalike url navigation suggestion algorithm is only triggered when a domain has such an engagement score.

      Which probably means everytime you visit a never visited, suspicious doman that looks similar to a URL in your site engagement list, google will offer a warning.

      Since site engagement data is entirely local, I guess the algorithm is, too.

      1. Yuliya said on February 1, 2019 at 9:57 am

        Ah, then this is good news, as I use Chromium myself :)

    3. ShintoPlasm said on January 31, 2019 at 8:26 pm

      By what logic do you think it sends your history to Google? Maybe it’s a local algorithm flagging up punycode addresses and suggesting what the URL should be with the punycode stripped away?

      1. Yuliya said on February 1, 2019 at 2:51 am

        goo0gle dot com is not exploiting punycode.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.