Real-time URL checks designed to block phishing sites that dodged previous measures

Chrome logo Safe Browsing laptop

An ‘enhanced protection’ mode added to Chrome’s Safe Browsing feature will provide more tailored safeguards against malicious websites and downloads.

Launched yesterday (May 19), Enhanced Safe Browsing will receive additional security data from Google’s browser in order to protect users against sophisticated phishing operations that exploit limitations in the feature’s blocklist API.

In a blog post, the Chrome Safe Browsing team said “security cannot be one-size-fits-all anymore” in the face of “increasingly sophisticated” web threats such as “malware campaigns directly targeting at-risk users”.

Blocklist API

Google Safe Browsing displays warnings to users when they attempt to access dangerous sites or download malicious files, and alerts webmasters when their websites have been compromised.

The technology discovers and adds thousands of unsafe sites to the blocklist API protocol each day.

Each time a user attempts to visit a website or download a file, Chrome checks the URL or file against a local list that is updated roughly every 30 minutes – a brief window which some phishing operators “slip through” by rapidly rotating domains.

‘Enhanced protection’ mode will provide “more proactive and tailored protections” based on users’ individual browsing history or threats they encounter, something lacking from the API.

“Google cannot determine the actual URL Chrome visited” based on information passed to the API, said the Safe Browsing team. “And thus by necessity the same verdict is returned regardless of the user’s situation”.

Enhanced Safe Browsing

If users opt into ‘Enhanced protection’ mode, Chrome will check uncommon URLs in real time to detect phishing websites.

The browser will also relay a small sample of pages and suspicious downloads to the Safe Browsing feature to aid threat discovery.

This data is temporarily linked to the user’s Google Account if they’re logged into Chrome – being anonymized after a “short period” – in order to “provide the most precise protection without unnecessary warnings” to the user’s situation “when an attack is detected against your browser or account”.

Google said additional protections in the development pipeline include tailored warnings for phishing sites and file downloads and cross-product alerts.


RELATED Google unveils raft of security improvements for Chrome 83