Google Chrome has been protecting users from malicious websites and files with Safe Browsing, which maintains a locally-stored list updated every 30-60 minutes.
That list is becoming insufficient because unsafe sites can emerge and disappear within 10 minutes. To address this, Chrome is introducing a new version of Safe Browsing that provides real-time URL protection without compromising user privacy.
This is achievable through a new API that checks URLs against a real-time list without revealing the actual URLs to Google, improves protection against short-lived threats, and scales better to the growing number of malicious sites.
Real-Time And Privacy-Preserving Safe Browsing
Chrome utilizes real-time Safe Browsing to identify unsafe websites. Upon visiting a URL, it first checks its local cache for known safe addresses; if not found, the URL undergoes a real-time check.
To protect user privacy, Chrome obfuscates the URL through hashing and encryption before sending it to the Safe Browsing server. The server decrypts the request, compares the hash with its database of unsafe URLs, and returns matching full hashes.
Finally, Chrome checks the received full hashes against the visited URL’s hash and displays a warning if there’s a match, which enables real-time protection against even newly emerging threats.
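The lookup described above, as an added sketch that is not Chrome's or Google's code: the server only receives a truncated hash, and the final full-hash comparison happens on the client. SHA-256, the 4-byte prefix length, all class and function names and the sample URLs are assumptions for illustration, and the encryption step is left out.

```python
import hashlib

PREFIX_LEN = 4  # assumption: 4-byte prefix of a SHA-256 digest


def full_hash(url: str) -> bytes:
    """SHA-256 of the URL string (a real client canonicalizes the URL first)."""
    return hashlib.sha256(url.encode("utf-8")).digest()


class SafeBrowsingServer:
    """Hypothetical stand-in for the server side: it is only given prefixes."""

    def __init__(self, unsafe_full_hashes):
        self._by_prefix = {}
        for h in unsafe_full_hashes:
            self._by_prefix.setdefault(h[:PREFIX_LEN], []).append(h)
        self.seen = []  # everything the server learned from clients

    def lookup(self, prefix: bytes):
        self.seen.append(prefix)
        return list(self._by_prefix.get(prefix, []))


def check_url(url, safe_cache, server):
    """Local cache first, then a prefix-only real-time lookup."""
    h = full_hash(url)
    if h in safe_cache:
        return "safe (local cache)"        # no request leaves the client
    candidates = server.lookup(h[:PREFIX_LEN])
    if h in candidates:                    # full-hash match decided client-side
        return "warn"
    return "safe (real-time check)"        # no match, or a prefix-only collision


# Constructed sample data, not real indicators.
BAD = "http://malware.example/payload"
GOOD = "https://news.example/"
COLLIDING = "https://shop.example/cart"
# Constructed unsafe entry that shares COLLIDING's prefix but not its full hash.
DECOY = full_hash(COLLIDING)[:PREFIX_LEN] + bytes(32 - PREFIX_LEN)


def demo():
    server = SafeBrowsingServer([full_hash(BAD), DECOY])
    cache = {full_hash(GOOD)}
    results = [check_url(u, cache, server) for u in (GOOD, BAD, COLLIDING)]
    return results, server.seen


if __name__ == "__main__":
    print(demo())
```

The third URL shows why the server returns full hashes instead of a verdict: a prefix can match an unsafe entry while the page itself is not on the list.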
According to a Google Chrome blog post, to shield user identity, Fastly’s Oblivious HTTP (OHTTP) server serves as an intermediary between Chrome and Safe Browsing, masking the IP address before sending URL hash prefixes (obfuscated website addresses) to Safe Browsing for security checks.
Chrome encrypts these prefixes using Safe Browsing’s public key, ensuring the intermediary server cannot decrypt them.
The anonymized prefixes reach Safe Browsing, which uses its private key to decrypt and verify against its database of malicious sites.
The intermediary server relays the encrypted prefixes without the IP address, so it handles IP addresses without seeing the actual URL data. As a result, neither party possesses both the user's identity and their browsing information, protecting your privacy.
To balance security with browsing speed, Chrome employs a two-layered caching system alongside a real-time check for website safety. It first consults a local cache of previously verified URLs and a global list of known-safe URL hashes.
If there’s a match, a faster hash-based check is used instead of the real-time request; failing that, Chrome attempts a real-time check.
If the real-time check is unsuccessful or slow, Chrome uses a fallback mechanism, temporarily reverting to hash-based checks, and is exploring asynchronous loading to prevent page delays.
Chrome’s Safe Browsing Gets Real-Time Protection With Enhanced Privacy
Chrome’s Safe Browsing received an upgrade: standard protection now checks URLs against known malicious sites in real time without revealing users' browsing history to Google.
Enhanced protection remains recommended for additional layers of security, including protection against yet-unidentified threats and suspicious extensions and files.
The real-time feature uses a privacy server (Fastly) by default for its checks. Developers can expect the Safe Browsing API to be available soon for similar privacy-preserving protection in their applications.