Google is upgrading Chrome’s Safe Browsing security tool by allowing it to provide constant protection against suspicious websites in real-time.
Before going into the update itself, it’s worth covering the backstory. Safe Browsing gives the Chrome browser a list of thousands of well-known, unsafe websites on the internet. Whenever you visit a webpage, the software will check to see if it’s on the list. If it’s there, Chrome will immediately block it and bring up a warning page telling you to stay away. According to Google’s Security Blog, that list is updated every 30 to 60 minutes 24/7. However, the bad actors behind these malicious websites have adapted to the changing landscape.
Google states a majority of these unsafe web pages littering the internet are only around “for less than 10 minutes”. Because the list refreshes every 30 minutes or so, there is a blind spot within this time frame. Bad actors are exploiting the blind spot and slipping through Chrome’s defenses. It’s a small window of opportunity, but it’s enough to do a lot of damage.
The solution here, as mentioned earlier, is to provide real-time protection.
Security boost
It's important to note the security boost is being made to Safe Browsing's Standard Protection mode. A company representative told us Enhanced mode already has these capabilities, but Google is essentially closing the gap a bit.
The way the new default will work is a little complicated, so here’s a quick breakdown.
Let’s say you visit a website not on Chrome’s list. The browser will then take the page’s URL, break it down into smaller bits of data, and send the packet to a third-party privacy server owned by Fastly, a company specializing in cloud computing. The server then analyzes the data and matches what it finds against its own database. If anything weird is found, Chrome is alerted and will warn you to stay away.
Of course, there’s more to it than that. We didn’t go over exactly how the browser breaks down the URL. If you want more details, we recommend checking out the blog post and Google’s URL hashing guidance page.
Activating the enhanced Safe Browsing does require more information than normal. But it's important to note that neither Google nor Fastly will receive any user identifiers. IP addresses will not be collected. All the security checks you send over are mixed in with requests from other people so it’s all one big mess. And because Fastly runs the server independently, Google has no access to the data.
Accessing the new Safe Browsing tool
The same representative from earlier told us the upgrade is live on Chrome for desktop and iOS, but not for Android. That's coming later on in the month.
Because it'll be the default, you don't have to manually activate it. To obtain the tool, start by clicking the three dots in the upper right corner. Go to Help, then select About Google Chrome. The installation will begin automatically. Relaunch the browser once prompted.
Return to the Settings menu, select Privacy and Security on the left, then go to the Security tab. Expand Safe Browsing and you should see Safe Browsing's standard mode with the updated text. We didn't receive the patch at the time of this writing, so the image below is still the old version. It's just an example of what you might see.
Since the Android version isn't out yet, we can't show you its process although we suspect it'll be very similar to the desktop experience.
It's unknown what kind of extra information Google will ask from its users. Presumably, the data it'll want will be the same listed under the Enhanced mode: system information, extension activity, and the like. We reached out to Google for more details. This story will be updated at a later time.
To learn how to further beef up your computer's security, check out TechRadar's roundup of the best antivirus software for 2024.