Understanding the omnibox for better security

October 22nd, 2010

National Cyber Security Awareness Month is a good time to learn more about how you can use your browser’s security indicators to stay safe online. One of the most important security indicators in Google Chrome is the “omnibox,” the spot where you enter web addresses:

Understanding the omnibox for better security

The first thing to notice about the Omnibox is that Google Chrome highlights the domain name of the website that you’re viewing with a slightly darker color. The domain name indicates which website is being displayed by the browser in the current tab. For example, the domain name in the image above is “”.

Before interacting with a website, check that the Omnibox has highlighted the domain name you expect. If the domain name doesn’t match what you expect, the website might be spoofing the “look and feel” of another site as part of a phishing attack. Google Chrome has built-in protection against phishing, but checking the domain name yourself is a good security habit — especially when entering sensitive information, such as your password or credit card number.

When entering sensitive information, the second thing to notice about the Omnibox is the lock icon, which is displayed to the left of the website address and, in the case above, is colored green. The lock icon indicates that Google Chrome has established an encrypted connection that works like a tunnel between your computer and the domain name displayed in the Omnibox. An encrypted connection helps prevent malicious parties from eavesdropping or tampering with the data sent between your computer and the website. Most websites will use an encrypted tunnel when asking for your password or credit card number to help prevent people using the same wireless network as you, for example at a coffee shop, from being able to eavesdrop on your sensitive information.

Some websites have an “extended validation” certificate that lets the browser determine the name of the organization that runs the website. Notice the green box between the lock icon and the web address in the Omnibox:

Understanding the Omnibox for better security

The extended validation indicator makes it easier for you to determine which organization is responsible for the displayed web page. For example, the extended validation indicator for says “Citigroup Inc [US],” indicating that Citigroup is responsible for that web page – a fact which might have been difficult to determine without the indicator. You should be careful to share sensitive information with a website only if you trust the organization responsible for the site.

If you would like to learn more about the browser’s security indicators, you might enjoy reading our Help Center article on Chrome’s indicators. Until next time, safe surfing!

Posted by Adam Barth, Software Engineer