Google innovates security: learn about real-time safe browsing

March 20, 2024
Google recently announced a major change to its Safe Browsing feature in Chrome. This update will make the service real-time, verifying a server-side list without sharing the user’s browsing habits with Google. Before we delve into the details of this change, let’s look at what Safe Browsing means and why it is so important for online security.
Safe Browsing: an overview
Safe Browsing is a feature of Chrome that aims to protect users from dangerous websites, malware, and phishing scams. In the past, Chrome would download a known list of sites hosting unwanted or dangerous software every hour or two. However, this method had some disadvantages: it took time to obtain an updated list and strained the resources of less powerful machines and low-bandwidth connections. To overcome these limitations, Google has developed a new system that harnesses the power of cloud computing to detect unsafe sites in real time.
The new real-time protection system
Google’s new Safe Browsing system works by sending URLs visited by the user to Google’s servers, where they are compared with a constantly updated list of unsafe sites. This system is much faster than the previous procedure and can detect up to 25 percent more phishing attacks than using local lists. In addition, the new system reduces the load on less powerful machines and low-bandwidth connections.
But how exactly does this new Safe Browsing system work? Let’s start by examining the process step by step:
- When a user visits a site, Chrome first checks the cache to see if the address (URL) of the site is already known to be safe.
- If the URL visited is not cached, it could be dangerous, so a real-time check is needed.
- Chrome turns the URL into a hash, a cryptographic code unique to that site.
- The hash code is sent to a privacy server over a secure connection.
- The privacy server removes any personal information and forwards the encrypted hash code to Google’s Safe Browsing server.
- The Safe Browsing server decrypts the hash code and compares it to its database of unsafe URLs.
- If a match is found, Chrome displays a warning to the user.
An interesting aspect of this new system is the privacy server used by Google. In collaboration with Fastly, a company specializing in CDN (Content Delivery Network) and edge computing, Google has developed a privacy server called Fastly’s Oblivious HTTP. This server acts as an intermediary between Chrome and Safe Browsing, removing any identifying information from the browser request. These servers are independently managed by Fastly, ensuring the privacy of the user’s browsing information.
Through this partnership with Fastly, Google’s Safe Browsing service never sees the user’s IP address, while Fastly does not have access to the URLs visited because they are encrypted by the browser using a public-private key that Fastly does not have access to.
Safe Browsing Enhanced Mode.
If you are a frequent Chrome user, you may already be familiar with the Safe Browsing Enhanced mode. This mode compares the URL visited against a real-time online list, but it also offers enhanced features that include protection from attacks not in any list, in-depth file scans, and protection from malicious Chrome extensions. However, Enhanced mode has always been optional and will continue to be, although Google began pushing users to activate it last year. Standard Protection Mode does not use these advanced AI-based features.