Announced last year, Google has now enabled real-time Safe Browsing checks in its Chrome web browser.
Safe Browsing is a security component of the Google Chrome web browser. Its main purpose is to warn users about malicious websites or downloads. This includes protections against known phishing websites and malware.
Google Chrome used a local list of known malicious sites by default previously. This list was updated every 30 to 60 minutes by the browser. This meant that there was a short period in which new known threats were not blocked by the browser.
Google calculated that “average malicious” sites exist for less than 10 minutes. In other words, a good portion of malicious sites do not exist anymore when Chrome updates the local Safe Browsing list.
Chrome users could switch the security setting to enhanced to get real-time checks. This new real-time checking of threats is now available in all Safe Browsing modes.
Safe Browsing changes
Google Chrome uses a Safe Browsing list on Google servers now to check any site that is getting opened against it. This improves the protection of users. Google estimates that this should improve the blocking of phishing attempts by 25%.
The change is rolling out to Chrome desktop users already. Android will also get the change “later this month” according to Google.
The option to enable Enhanced Protection is still available. This includes real-time checks as well, but also use of “AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions”.
What about privacy?
Google says that the new real-time nature of Safe Browsing checks is privacy-preserving.
Here is what happens in Chrome when a site is visited (according to Google):
- The cache is checked to see if the site is known to be safe already.
- If it is not in the cache, Chrome needs to check it against the remote Safe Browsing list.
- Chrome starts by obfuscating the URL locally into 32-byte full hashes.
- The hash is then truncated into 4-byte long chunks.
- These are encrypted by Google Chrome and transferred to a “privacy server”.
- The privacy server removes “potential user identifiers” before forwarding the encrypted hash chunks to the Safe Browsing server.
- There the data is decrypted and checked against the database.
- If a match is found, Chrome shows a warning to the user.
Google entered into a partnership with Fastly to “operate an Oblivious HTTP privacy server” that sits between the Chrome web browser and Safe Browsing.
The main idea behind Oblivious HTTP is to block the receiving server from linking requests to specific clients. Google published a blog post on the Chrome Security blog that offers additional information on the implementation in Chrome and server infrastructure.
Closing Words
Real-time checks should improve protection for users without impacting their privacy. Other browsers who also use Safe Browsing may not be affected by the change if they download Safe Browsing lists instead of using real-time checks.
Those who use Chrome but do not want these real-time checks can turn off Safe Browsing