Google has added real-time browsing protection to Chrome that it claims should protect your privacy. The feature, which Google says hides your visited URLs, is now available on the default Standard mode of Safe Browsing on Chrome.
For years, Chrome’s Safe Browsing feature has automatically added potentially unsafe URLs to a list Google stores on your device. Every time a user visits a site, Google checks the URL against that list and issues a warning. The problem is that Google only updates this locally stored database every 30 to 60 minutes. Given most dangerous sites exist for less than 10 minutes nowadays, a lot of unsafe sites slip through the cracks.
Safe Browsing’s opt-in Enhanced protection mode deals with this by using Google’s Safe Browsing server-side database, which catches unsafe URLs much faster in real time. Yet users must provide Google with more security-related data for full protection, which is why it’s an opt-in mode.
Google claims the new version of Safe Browsing solves this problem with an API that hides the URLs of visited sites from Google. Now, Google says it will do a real-time check for sites that it couldn’t find in its database and will then send an encrypted version of the URLs to Fastly’s independently operated privacy server.
Google says the privacy server will then strip the URL of any potential user identifiers like IP addresses and will not be able to decrypt the URL. Afterward, it’ll send it to Safe Browsing’s server-side database via a TLS connection that mixes your request with those sent by other Chrome users.
Safe Browsing should then be able to decrypt the URL to its full hash form — which still hides the URL — and check it against its list. If Safe Browsing finds a match, Google says it’ll only send the encrypted hash form over to Google, and Google will then warn the user.
As a result, throughout the process, Google claims your browsing activity remains private; no single party will be able to see both your IP address and the URL’s hash prefixes. At the same time, Google says it should be able to block 25 percent more phishing attempts.
Yet while the Standard and Enhanced modes can now both do real-time checking, Google claims the Enhanced version continues to offer greater protection. That’s because it comes with extra features, like AI to block attacks, deep file scans, and extra protection from dangerous Chrome extensions.
The new real-time checking feature for Standard mode is currently available on Chrome for desktop and iOS and will roll out to Android later this month.