Best answer by Kit
If it's really going to https://google.com/webhp or https://www.google.com/webhp (The official Google server is the critical part), then you're fine. If it goes to something like google.com.webhp.com/stuffhere, that is bad.
Web Home Page
That URI (Uniform Resource Indicator; the part of a web address after the server) handles all sorts of data for Google. For example, I typed in "squishy green" and then clicked on "green squishy baff" in the dropdown selector. My URL was like this:
Parts of that that we can easily determine:
hl=en means the home language is English.
q=green+squishy+baff shows the final query that was looked up.
oq=squishy+green shows what I was typing before I clicked on the final query.
Everything else is Google Inner Workings. It helps Google figure out what you were typing, how you were typing it, and what it showed you as options, as well as what you clicked on. That way they can try to figure out what is the most popular options and what people are actually looking for. If they find out that most people who type "squishy green" will click on "green squishy baff", they will start trying to present it as an option when you have typed "squishy gree" and then "squishy gre" and "squishy gr" and so on, to figure out how to speed things up for people.
Simply put, google.com/webhp (or Google.ca or other Google international domains) is perfectly fine.
Tricky thing that a lot of people don't realize:
Chrome stores your data on their servers and synchronizes. If the master browser sets the home page to something, any time you log into another computer's Chrome with your Google account, it will go to that home page. That means that it's possible for a virus to steal your Chrome and Google credentials on a completely different computer, then set your server sync data to a fake home page. -NO- antivirus can prevent this because it's using Google's secure communication with your Chrome login to send it, but if the site is Really, REALLY Bad, then WSA will still block it. So if you get an infection on a computer that doesn't have WSA on it, it can take over your Chrome home page on every single computer that syncs to Google. It'll even take over your home page on Macs and iPhones and Android Phones running the page sync. It also affects Firefox and Opera and any other system that sync to the network.