Google announced today that it is deprecating the standard Google Chrome Safe Browsing feature and moving everyone to its Enhanced Safe Browsing feature in the coming weeks, bringing real-time phishing protection to all users while browsing the web.
Since 2007, Google Chrome has utilized a Safe Browsing security feature that protects users from malicious websites that push malware or display phishing pages.
When browsing the web, Chrome will check if a domain you are visiting is within a local list of malicious URLs, and if it is, it will block the site and display a warning.
However, as the list of bad URLs is hosted locally, it can not protect you from new sites detected since the list was last updated.
To provide better security, Google introduced an Enhanced Safe Browsing feature in 2020 that offers real-time protection from malicious sites you are visiting. It does this by checking in real-time against Google’s cloud database to see if a site is malicious and should be blocked.
This feature, though, comes with a tradeoff in privacy, as Google Chrome will now send URLs you open (including downloads) back to Google’s servers to check if they are malicious. The feature will also send a small sample of pages to Google to discover new threats
Finally, the transferred data is also temporarily linked to your Google account to detect if an attack targets your browser or account.
Enhanced Safe Browsing for everyone
Google announced today that it is rolling out the Enhanced Safe Browsing feature to all Chrome users over the coming weeks without any way to go back to the legacy version.
The browser developer says it’s doing this as the locally hosted Safe Browsing list is only updated every 30 to 60 minutes, but 60% of all phishing domains last only 10 minutes. This creates a significant time gap that leaves people are unprotected from new malicious URLs.
“To block these dangerous sites the moment they launch, we’re upgrading Safe Browsing so it will now check sites against Google’s known-bad sites in real time,” says Google.
“By shortening the time between identification and prevention of threats, we expect to see 25% improved protection from malware and phishing threats.”
However, instead of just setting Enhanced Safe Browsing as the default option, Google told BleepingComputer that the legacy version will be removed and there would be no way to return to the legacy version.
This change is sure to make some users unhappy for fear that Google will utilize this browsing data for other purposes, such as ad targeting.
While Google states that the data collected from Enhanced Safe Browsing is only used to protect Google apps and users, there has been a lot of concern recently about Chrome’s browsing history being used for interest-based advertising as part of Google’s new Privacy Sandbox platform.
Update 9/7/23: Google has confirmed to BleepingComputer that none of the data submitted to the company’s servers through Enhanced Safe Browsing will be used in other features, including to deliver advertisements.