Google Chrome real-time URL protection (Safe Browsing) against phishing & malicious sites

Google is equipping its Chrome browser with enhanced protection within its "Safe Browsing" feature. This is intended to protect the user in real time from accessing malicious URLs and websites by having the browser display a clear warning. At the same time, Google promises to protect the user's privacy using a hash-based approach, as no direct URLs are transmitted to the Google servers. The whole thing is based on Google's technologies such as real-time list checks and AI-based classification of malicious URLs and websites.


Google made the announcement on March 14, 2024 in this blog post. Safe Browsing has been around for 15 years, says Google, and this function protects users on more than 5 billion devices worldwide from potentially abusive websites. However, phishers and criminals are reacting faster and faster.

As the attackers are becoming more and more sophisticated, Google has had to react. Protection is needed that can adapt as quickly as the threats it fends off. That's why Google Chrome will have an advanced Safe Browsing protection mode that works in real time and protects against such threats with technologies such as real-time list checks and AI-based classification.

Malicious URLs and websites should be detected in advance, while preserving user privacy. With real-time protection, checks are now carried out using a list on the Safe Browsing server. The server-side list can include unsafe websites as soon as they are detected. This makes it possible to detect websites whose URLs change quickly. In addition, the list of websites can be as large as desired, as the Safe Browsing server is not subject to the same restrictions as the user devices.

Google wrote that real-time protection has shown that checking lists in real time is of great benefit. Google provides this mode as an option that the user can enable in the browser to take advantage of the ability to share more security-related data for greater security.

How it works

When the user visits a website, Google Chrome runs a step-by-step check behind the scenes to determine whether a URL is malicious or safe.

  • First, Chrome checks its cache to see if the address (URL) of the website is already known to be safe.
  • If the URL to be visited is not in the cache, a real-time check is required.
  • During the real-time check, Chrome obfuscates the URL by converting it into full 32-byte hashes.
  • Chrome then encrypts the hash prefixes and sends them to a privacy server.
  • This privacy server removes potential user IDs and forwards the encrypted hash prefixes to the Safe Browsing server via a TLS connection. During this forwarding, the requests are mixed with those of many other Chrome users.
  • The Safe Browsing server decrypts the hash prefixes and compares them with the server-side database.
  • It returns complete hashes of all insecure URLs that match one of the hash prefixes sent by Chrome.
  • After Chrome receives the full hashes of the insecure URLs, it compares them with the full hashes of the visited URL.
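
The lookup flow from the list above, as an added Python sketch that is not Chrome's or Google's code: it assumes SHA-256 for the 32-byte full hash and 4-byte prefixes (the page states neither), hashes a single URL string rather than canonicalized host/path variants, and leaves out the encryption and request mixing. The names `ListServer`, `relay`, `Browser` and the sample URLs are constructed for illustration.

```python
import hashlib

def full_hash(url: str) -> bytes:
    # Assumption: SHA-256, which yields a 32-byte full hash as the page describes.
    return hashlib.sha256(url.encode("utf-8")).digest()

class ListServer:
    """Stand-in for the Safe Browsing server: it only ever sees hash prefixes."""
    def __init__(self, unsafe_urls, prefix_len=4):   # 4-byte prefix is an assumption
        self.prefix_len = prefix_len
        self.by_prefix = {}
        for h in map(full_hash, unsafe_urls):
            self.by_prefix.setdefault(h[:prefix_len], set()).add(h)
        self.received = []            # everything the server learned from requests

    def lookup(self, prefixes):
        self.received.append(prefixes)
        hits = set()
        for p in prefixes:
            hits |= self.by_prefix.get(p, set())
        return hits                   # full hashes of unsafe URLs sharing a prefix

def relay(server, request):
    """Stand-in for the intermediate server: drop the client identifier, forward prefixes."""
    return server.lookup(list(request["prefixes"]))

class Browser:
    def __init__(self, server, client_id):
        self.server, self.client_id, self.safe_cache = server, client_id, set()

    def check(self, url):
        if url in self.safe_cache:                   # cache of URLs already known safe
            return "safe-cached"
        h = full_hash(url)                           # full 32-byte hash, kept locally
        request = {"client_id": self.client_id,
                   "prefixes": [h[:self.server.prefix_len]]}
        candidates = relay(self.server, request)     # only the prefix leaves the browser
        if h in candidates:                          # final comparison happens locally
            return "warn"
        self.safe_cache.add(url)
        return "safe"

def demo():
    server = ListServer(["phish.example/login"])     # constructed sample list
    browser = Browser(server, client_id="user-1234")
    results = [browser.check(u) for u in
               ("phish.example/login", "news.example/", "news.example/")]
    return results, server.received
```

The server's `received` log holds only prefixes, and a benign URL whose prefix happens to collide with a listed one is still judged safe, because the full-hash comparison is done in the browser.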

If a match is found, Chrome displays a warning (see screenshot below) and the user can then decide whether or not to visit the page.


Chrome warning (screenshot)

If there are any problems with the query, the Chrome browser allows fallback solutions for this check. The details can be found in the Google article.

Introduction and activation

Google states that the latest version of Chrome for desktop, Android and iOS will update the default Safe Browsing protection mode. After the update, websites can be checked with Safe Browsing's real-time protection protocol without sharing browsing history with Google. Users do not need to do anything to benefit from this improved feature.

Only those who want more protection need to activate Safe Browsing's advanced protection mode. The difference is that Safe Browsing's standard protection mode can only warn users about websites that Safe Browsing has already confirmed as unsafe. Activating the advanced protection mode allows Google to use additional information together with advanced machine learning models to protect users from websites that Safe Browsing has not yet confirmed as unsafe. This may be the case, for example, because the website has only recently been created or is hiding its true behavior from Safe Browsing's detection systems.

Advanced protection continues to provide protection beyond real-time URL scanning, such as deep scanning for suspicious files and additional protection against suspicious Chrome extensions. The real-time function of the standard Safe Browsing protection mode is activated for Chrome by default. If required, the function can be configured in corporate environments via the SafeBrowsingProxiedRealTimeChecksAllowed policy. For this function to work in Chrome, companies must explicitly allow data traffic to the Fastly Privacy Server. If the server is not accessible, Chrome downgrades the checks to hash-based checks. The details can be found in the Google article.

