Google today revealed a significant update to Chrome Safe browser feature that would allow the service to function in real time by cross-referencing entries against. A server-side list without requiring you to share your browser history with Google.
In the past, Chrome once or twice an hourly downloaded a list of recognized websites harboring viruses. Undesired software, and phishing scams. Chrome will now send the URLs you visit to its servers using a different mechanism to compare them against a frequently updated list. Since the average harmful website disappears in less than ten minutes. As noted by Google, this has the benefit of providing an updated list in as little as an hour.
Compared to using local lists, the company claims that its new server-side technology can detect up to 25% more phishing attacks. The size of these local lists has also increased, placing additional burden on low-end computers and low-bandwidth connections.
Desktop and iOS platform users can now utilize this new system from Google. It will add support for Android later this month.
Sending private links to each other
The Safe Browsing Enhanced Mode, which might be familiar to some, offers deeper scans, protection against risky Chrome extensions, real-time URL checks, and uses AI to block unlisted threats. While Google encourages its use, this optional mode goes beyond the default protections, which don’t include the AI features.
Google goes into great detail to describe how this real-time technology functions without requiring the corporation to receive your browser data. This is how Google explains the procedure:
- When visiting a website, Chrome first checks its cache to see if it already knows the website’s address (URL) as secure (more on this in the section titled “Staying Fast and Reliable”).
- If the visited URL is not in the cache, one must conduct a real-time check because it can be dangerous.
- By using the URL hashing guidelines to transform the URL into 32-byte complete hashes, Chrome obfuscates the URL.
- Chrome truncates the complete hashes into 4-byte hash prefixes.
- The hash prefixes are sent to a privacy server by Chrome after being encrypted.
- Through a TLS connection that combines queries with those from numerous other Chrome users. The privacy server eliminates any possibility of user identification and sends the encrypted hash prefixes to the Safe Browsing server.
- After decrypting the hash prefixes and comparing them to the server-side database. The Safe Browsing server returns complete hashes of any dangerous URLs that correspond to one of the hash prefixes that Chrome delivered.
- Chrome verifies the unsafe full hashes against the full hashes of the URL that was visited after obtaining them.
- If Chrome discovers a match, it will display a warning.
Google leverages Fastly’s Oblivious HTTP privacy server to strip identifiable data between Chrome and Safe Browsing.
Google collaborates with Fastly to use an Oblivious HTTP server. Enhancing privacy in Chrome’s Safe Browsing by removing identifiable info from requests. This setup anonymizes metadata and hides IP addresses from Google, with encrypted URLs that Fastly can’t access, boosting user privacy.
