Google is introducing a new form of Safe Browsing in Chrome. This is a new variant in which URLs are no longer analyzed locally, but are sent anonymously to Google. According to the company, this real-time analysis should be more secure.
Google writes that it is a new variant of Safe Browsing, a set of rules and mechanisms in Chrome to block malicious URLs. According to the company, the current version is outdated in some respects. In the new version, URLs are not analyzed locally, but in real time on Google's own servers.
In the current Safe Browsing mode, URLs are analyzed against a local database. When users visit a website, the URL is checked against that local list of known unsafe domains. Google updates that local list every thirty to sixty minutes based on hashes. This way, a user can receive a warning if they visit a URL known to come from a phishing domain or malware vendor.
According to Google, that system is more privacy-friendly and helps with the efficiency of the browser, but it is also somewhat outdated. Most such domains are often taken offline within ten minutes. “That means that by the time the local list of known unsafe sites is updated, many of them will have slipped through,” the company writes.
The new version of Safe Browsing should solve that problem by eliminating URLs not analyze them locally, but forward them to Google itself. This allows the URLs to be analyzed in real time. Google says it has taken several measures to ensure the data remains anonymous. This way the URL is hashed and possible identifiers are removed from the URL. Google only compares the hashes with each other.
According to Google, the hashes are not analyzed on its own servers, but via Fastly servers, so that Google cannot identify potential identifiers such as IP addresses and user agents. The functionality will now be enabled by default for all users of the mobile and desktop versions of Chrome.