Real-Time Phishing Protection Coming Soon to Chrome

In a significant security update slated for release later this month, Google is set to enhance its Chrome browser with a new layer of defense against phishing and malware threats, ensuring users’ browsing remains private and secure.

Google’s Safe Browsing Evolution

Since its inception in 2005, Google’s Safe Browsing has been a cornerstone in the fight against web-based threats, offering robust protection against phishing attacks, malicious domains, and various online scams.

To further bolster this protection, Google introduced an optional Safe Browsing Enhanced Protection mode, leveraging artificial intelligence to offer even faster and more proactive defense mechanisms through comprehensive file scans.

The Shift to Real-Time Verification

Traditionally, Safe Browsing operates by cross-referencing websites, downloads, and extensions against a locally stored list of known harmful URLs, which is updated every 30 to 60 minutes from Google’s servers.

However, the rapid pace at which malicious sites appear and vanish – often within a mere 10-minute window – has prompted Google to shift towards a real-time verification approach against its server-side list of threats.

“Safe Browsing already protects more than 5 billion devices worldwide, defending against phishing, malware, unwanted software and more. In fact, Safe Browsing assesses more than 10 billion URLs and files every day, showing more than 3 million user warnings for potential threats,” remarked Google’s Jasika Bawa and Jonathan Li.

Enhancing User Privacy 

This real-time protection feature, also extending to Android devices later this month, employs encryption and several privacy-enhancing methods to ensure that users’ website visits remain confidential – even from Google. The backbone of this privacy-centric approach is a new API that leverages Fastly Oblivious HTTP (OHTTP) relays, effectively anonymizing the URLs of visited sites. 

Google’s Safe Browsing Warning (Source: Google)

Users’ URLs are partially hashed and sent to Google’s Safe Browsing engine via an OHTTP privacy server, which conceals their IP addresses and mixes  their hash checks with those of others, further enhancing privacy. The hash prefixes, encrypted before transmission to the Safe Browsing server, ensure that only Google’s URL-checking service can decrypt them, thanks to a unique public key.

“The privacy server then removes potential user identifiers such as your IP address and forwards the encrypted hash prefixes to the Safe Browsing server. The privacy server is operated independently by Fastly, meaning that Google doesn’t have access to potential user identifiers (including IP address and User Agent) from the original request,” said Google in another blog post.

Final Word 

This innovative approach to real-time phishing protection, first announced by Google in September, marks a significant leap in maintaining user privacy while enhancing security, showcasing Google’s commitment to creating a safer internet environment without compromising personal privacy.