Enhanced Google Safe Browsing For Chrome

Google is known to update its security features frequently for their products. Google recently released a security update to its chrome browser to enhance users safe browsing on chrome web version on desktops and chrome for iOS devices.

This security update offers safe browsing experience to the chrome users in 2 ways

  1. Privacy preserving URL protection browsing, 
  2. Real time protection 

When a chrome user tries to visit any website it quickly checks with its database servers in real time to verify whether this website url is registered as a potentially dangerous site, if this URL is matched with their list from the database , it immediately warns the users about it. With this feature Google claims that 25% of more phishing attempts will be blocked.

What is Google Safe Browsing

Safe browning is the powerful feature introduced by Google for chrome browser users to safeguard them from unwanted phishing attacks, installation of malicious software on local systems to track sensitive user information(malware attacks). As per Google study it already protects 5 billion devices worldwide through safe browsing.

Previously chrome maintains a list of malicious websites locally which will be verified against a user visiting URL and gives a warning to the user if the site is identified to be a phishing or malicious site. This local list of malicious sites is updated for every 30 to 60 minutes. Further Google research revealed that a malicious website can exist for less than 10 minutes also so it is difficult to block.

When a user visits any website, it will download various resources such as html files, style sheets(css), dynamic script files(javascript), and URLs embedded on the webpage. These URLs may redirect the users to other phishing websites which may pose a threat to the users by stealing passwords, bank account information  etc. 

Google Chrome safe browsing feature identifies such threats with its local repository of potentially dangerous websites list and immediately warns the users to protect them.

How Safe Browsing Works

Maintaining a growing list of local repository of bad URL information is heavy on the client side due to resource limit constraints of browser. Continuing to connect to Google server and keeping updated with the new list is also may not be possible sometimes.

To avoid such limits, Google came up with a real time privacy protection feature meaning when a user visits a website, it checks with a local list, if not found then checks with a safe browsing server, if it matches with servers database, then alerts the user.

Technicalities Involved In Real Time Protection & Privacy Preserving URL Protection

google safe browsing

When a user visits any website, chrome creates all possible combinations URLs and generates the full URL hashes. Chrome checks to see if the full URL hashes with a local repository of partial hash of the URLs. If it does not find the match it sends it to a Safe browsing server via privacy gateway.

All the information is encrypted through SHA-256 cryptographic hash function before sending it to the privacy gateway. Encrypted data contains partial urls or partial hashes of URLs. Privacy gateway removes any user specific information and forwards the encrypted data to Safe browning server.

The safe browsing server decrypts the partial hashes and compares them with existing url information at server side, if they are found, fetch the full URLs info that matches with partial hashes sent by the user browser.

Lastly user side full URLs and the URLs fetched from the safe browser servers are compared and the safety trigger initiated to the client browser to prevent accessing the unsafe URL.

Google confirms that privacy gateway dont have access to partial hashes and safe browser servers don’t have access to user IP addresses. No party has access to both the information to protect the client’s privacy.

Advantages of Newly Introduced Real Time Protection and Privacy Preserving URL Of Safe Browsing

Privacy Protection :

Google partnered with Fastly Oblivious HTTP Relay to protect online privacy of chrome users. When data is sent to Fastly privacy gateway, it encrypts the partial hashes and user IP address so Privacy gateway strips the user IP address and passes the partial hashes to the safe browsing server.

Safety Browsing Experience:

By introducing the real time check of bad URLs at server side provides strong protection for the chrome users on desktop versions and iPhone users with iOS operating systems. By default a safe browsing feature is enabled for them.

New Password Checkup Standards For iOS Users On iPhone Devices

Google chrome already has the detectors to identify your passwords strengths and tells whether your password has been compromised or shared on the darkweb. In addition to that Google has 

Updated its password verification features by adding the identification of reused passwords or weak passwords.

Chrome will alert the user when it detects reused passwords or weak passwords to protect the user.

FAQ:

Q: Is New Chrome safe?
A: Chrome uses real time protection and privacy preserving URL features to offer safe browsing experience to its desktop chrome users, iOS chrome users on iPhone and for android yet to be implemented.

Q: What is advanced safe browsing in Chrome?
A: Advanced safe browsing enables Google chrome to check in real time with its safe browsing servers for bad URLs, malwares, and warn the users.

Q: Is Google Safe Browsing free?
A: Google safe browsing is free for normal users to experience malware free and guard against phishing attacks.

Conclusion

By the time of writing this article, the real time safe browsing feature has not been introduced on android devices. It is by default enabled for chrome desktop versions and iOS iphone chrome users.

This real time safe browsing feature might create a thought of adding additional time and slowing down the browsing experience due to extra server round trips and encryption and decryption mechanisms. But Google confirms the extra time it takes for checking the bad urls at client side and server side is negligible. 

Leave a Comment