Google wants to make surfing safer and is now implementing an online URL check in the Chrome web browser. This is intended to ensure real-time protection against malicious websites in order to better protect browser users from phishing or malware.
Advertisement
Cybercriminals are creating new websites more and more quickly, which are also short-lived. To keep pace with this, real-time URL protection was developed. The feature is initially coming to Chrome for desktops and iOS, and the function will follow for Android later in March.
Google: Safe Browsing is very successful
In the function presentation, Google writes that Safe Browsing is already used on more than five billion devices and evaluates more than ten billion URLs and files every day and displays more than three million warnings. The previous state of the art was that Safe Browsing uses a local database containing entries of malicious websites and files that the browser updates every 30 to 60 minutes.
However, Google's IT researchers came to the conclusion that suspicious or fraudulent websites exist on average for less than ten minutes. This therefore requires checking a server-based list from Google to provide real-time protection. The standard protection in Chrome will take care of this from now on. The developers expect to be able to block 25 percent more phishing attempts with real-time checking.
URL checking using server-based lists should take privacy into account. In another blog post, Google's developers explain how they want to ensure this. First, Chrome checks its cache to see whether the page visited is known to be safe.
Online exams are intended to maintain privacy
If the browser doesn't find it there, it disguises the URL in a 32-byte hash. Chrome truncates this to 4-byte hash prefixes. Chrome encrypts it and sends it to a privacy server, which removes potential user-identifiable information and forwards the encrypted hash prefixes to the Safe Browsing server, where the requests are mixed with those of many other Chrome users. The Safe Browsing server decrypts the hash prefixes and checks them against the server-side database, which returns full hashes of all unsafe URLs that match a hash prefix. Chrome then checks this list of full hashes against the full hashes of the visited URL. If there is a hit, the Chrome browser finally warns you.
Google emphasizes that the Safe Browsing real-time protection protocol provides protection without sharing browsing history with Google. The function is activated automatically in standard protection and no action is required from the user. This does not make the extended Safe Browsing protection obsolete, as the online check only protects against sites that are already known to be harmful. However, the extended protection examines websites more intensively and also uses machine learning models to recognize very young sites or those that have previously hidden their behavior from Safe Browsing through obfuscation measures.
Chrome for iOS brings better password checking
Another improvement concerns Google Chrome's password check, which is available if the browser is used as a password manager. In the iOS version, it now not only shows known compromised passwords, but also warns about weak or repeatedly used passwords. The check can be started by accessing the Chrome settings in the “Privacy and Security” tab and triggering the security check.
Google distributed updated versions of Chrome on Wednesday this week. Among other things, they close security gaps that attackers can use to inject malicious code through manipulated websites.
(dmk)