Google on Thursday announced an enhanced edition of Safe Browsing to provide real-time URL protection, maintaining privacy and preventing users from visiting potentially malicious sites.
“Coverage mode for Chrome on desktop and iOS will check in real-time for sites opposed to Google’s well-known list of malicious server-side sites,” said Google’s Jonathan Li and Jawa.
“If we suspect that a site poses a threat to you or your device, please see a warning with more information. By verifying sites in real-time, we expect to block another 25% of phishing attempts. “
Until now, the Chrome browser used a locally stored list of known harmful sites, updated on both one and both in 30 to 60 minutes, and then leveraged a hash-based technique to compare the visited site to the database.
Google first revealed plans to move to real-time server-side verifications that share users’ browsing history with the company in September 2023.
The explanation for this change, according to the search giant, is due to the fact that the list of destructive internet sites is rapidly developing and 60% of phishing domain names have been around for less than 10 minutes, making them difficult to block. .
“Not all devices have the resources to keep this list under development, nor can they get and apply updates to the list with the required frequency for complete protection,” he adds.
So with the new architecture, every time a user tries to visit a website, the URL is checked as opposed to the browser’s global and local caches containing known safe URLs and the effects of previous Safe Browsing checks on the site’s prestige. .
If the visited URL is not found in the caches, real-time verification is done through the URL in full 32-step hashes, which are then truncated to 4-step hash prefixes, encrypted, and sent to a privacy server.
“The privacy server identifies potential users and passes the encrypted hash prefixes to the Safe Browsing server over a TLS connection that combines requests with many other Chrome users,” Google explained.
The Safe Browsing server then decrypts the hash prefixes and compares them to the server-side database to retrieve the full hashes of any harmful URLs that fit any of the hash prefixes sent through the browser.
Finally, on the consumer side, full hashes correspond to the full hashes of the visited URL, and a cautionary message is displayed if a match is found.
Google has also shown that the privacy server is nothing more than an Oblivious HTTP (OHTTP) relay operated through Fastly that sits between Chrome and the Safe Browsing server to save the latter from users’ IP addresses, thus prohibiting it from correlating URL checks. with a user’s web browsing history.
“Ultimately, Safe Browsing sees the hashed prefixes of your URL but not your IP address, and the privacy server sees your IP address but not the hashed prefixes,” the company noted. “Neither party has to control their identity and their hash prefixes. As such, your browsing activity remains private. “
The Strategic Guide to Cloud Security
Unlock actionable steps to protect everything you build and run in the cloud.
Goodbye Atlassian server. Goodbye. . . Backups?
Protect your knowledge in Atlassian Cloud from failure with Rewind’s on-demand backups and restores.
Act fast with Censys Search for Security Teams
Stay ahead of complex risk actors with best-in-class risk intelligence from Censys Search.
Protect your knowledge in Atlassian Cloud from failure with Rewind’s on-demand backups and restores.
From humans to bots: every identity in your SaaS application can simply be a backdoor for cybercriminals.
Learn how to protect your inventions from emerging security threats with expert advice.
Sign up for Loose and start getting your dose of cybersecurity news, information, and tips.