Real-time phishing protection coming to Chrome

Developers have announced that Google will roll out an update to Safe Browsing at the end of March, enabling real-time protection against malware and phishing for all Chrome users.

Safe Browsing was introduced in 2005 to defend against phishing attacks. Since then, Google has continuously updated it to block malicious domains that spread malware, unwanted programs, and various social engineering schemes. For those seeking rapid and proactive protection, Safe Browsing offers an Enhanced Protection mode powered by AI for in-depth scanning of downloaded files.

Currently, the standard version of Safe Browsing checks sites, downloads, and extensions against a local list of malicious URLs downloaded from Google servers every 30-60 minutes. However, Google plans to transition to real-time scanning to detect malicious sites that appear and disappear in less than 10 minutes.

“Safe Browsing currently safeguards over 5 billion devices globally, shielding them from phishing, malware, unwanted software, and other threats,” state the developers. “Furthermore, Safe Browsing assesses over 10 billion URLs and files daily, issuing over 3 million warnings to users regarding potential threats. If we detect a site that may be harmful to you or your device, you will receive a warning with further details. With real-time site checks, we anticipate blocking 25% more phishing attacks.”

The new feature, set to roll out on Android later this month, employs encryption and other privacy-enhancing methods to ensure that “no one, including Google, knows which sites you visit.”

Google emphasizes user privacy with a new API that utilizes Fastly Oblivious HTTP (OHTTP) to obscure the URLs of visited sites. This means that users’ partially hashed URLs are sent to Safe Browsing through an OHTTP server, which conceals IP addresses and blends the hash with data from other users’ browsers for added security. Additionally, hash prefixes are encrypted before transmission through the server using a public key exclusive to Google’s URL verification service.

It’s important to note that the privacy server is operated independently by Fastly, and Google does not have access to user identification data (such as IP addresses and User Agent) obtained during the initial request.

Real-time phishing protection coming to Chrome

“When the Safe Browsing server receives the encrypted hash prefixes from the privacy server, it decrypts them using its private key and proceeds to check the list on the server side,” Google explained.

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment