Google is enabling Chrome real-time phishing protection for everyone

Update 9/8/23: The article was updated after a conversation with Google about how this new feature is being implemented.

Google announced today that it is bringing additional security to the Google Chrome standard Safe Browsing feature by enabling real-time phishing protection for all users. 

Since 2007, Google Chrome has utilized the Safe Browsing security feature to protect users from malicious websites that push malware or display phishing pages.

When browsing the web, Chrome will check if a webpage you are visiting is within a local list of malicious URLs, and if it is, it will block the site and display a warning.

However, as the list of bad URLs is hosted locally, it can not protect you from new sites detected since the list was last updated.

To provide better security, Google introduced an Enhanced Safe Browsing feature in 2020 that offers real-time protection from malicious sites you are visiting. It does this by checking in real-time against Google's cloud database to see if a site is malicious and should be blocked.

This feature, though, comes with a tradeoff in privacy, as Google Chrome will now send URLs you open (including downloads) back to Google's servers to check if they are malicious. The feature will also send a small sample of pages to Google to discover new threats.

Finally, the transferred data is temporarily linked to your Google account to detect if an attack targets your browser or account.

Real-time protection for everyone

While the Enhanced Safe Browsing feature remains the same and offers the best protection in Chrome, Google is now adding real-time protection to the standard Safe Browsing feature for increased security.

The browser developer says it's doing this as the locally hosted Safe Browsing list is only updated every 30 to 60 minutes, but 60% of all phishing domains stay alive for only 10 minutes. This creates a significant time gap that leaves people unprotected from new malicious URLs.

"To block these dangerous sites the moment they launch, we're upgrading Safe Browsing so it will now check sites against Google's known-bad sites in real time," says Google.

"By shortening the time between identification and prevention of threats, we expect to see 25% improved protection from malware and phishing threats."

Google told BleepingComputer that the opt-in Enhanced Safe Browsing feature communicates directly with the Safe Browsing protocol and sends additional data. While there is a bit less privacy, it offers the most protection as it can detect malicious URLs before Google has seen them.

As the standard Safe Browsing feature is the default option, Google Chrome Product Manager Jasika Bawa told BleepingComputer that they are introducing real-time protection in a more privacy-preserving manner via Fastly Oblivious HTTP Relays.

The Oblivious protocol relays users' partially hashed URLs to Google's Safe Browsing engine without exposing users' private information, such as IP addresses and request headers.

However, this privacy-preserving real-time standard Safe Browsing feature has a drawback. As it's not sending as much metadata to the engine, it will not be able to heuristically determine if a URL is malicious without it first being flagged by Google.

Therefore, if you are willing to trade some privacy for better protection, Enhanced Protection may be the better option. 

Google has also said that the data sent to Google will not be used in other features, including to deliver advertisements.

BleepingComputer was told that a more detailed article on the new Safe Browsing feature will be published in the coming months.

Update 9/7/23: Article update confirms that the feature will not be used to deliver advertisements. 
Update 9/8/23: Google shared more information on how this new feature works with BleepingComputer, which has been included in the post.