
Google Safe Browsing in Chrome updates balance security and loading times

Google Safe Browsing throws up a bright red warning before letting you visit a nefarious page. Google is updating how Safe Browsing works in Chrome so that it’s less disruptive and more efficient “without a degradation in security posture.” 

Safe Browsing’s current approach means “users cannot see pages until checks are completed.” 

While this works fine for local-first checks such as those made using Safe Browsing API v4, it can add latency for checks made directly with the Safe Browsing server.
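To make the "local-first" distinction concrete, here is an added example (not code from the article or from Chrome) of the lookup shape Safe Browsing API v4 uses on the client: a URL is expanded into host-suffix/path-prefix expressions, each is hashed with SHA-256, and only the hash prefixes are compared against a locally held list, so the common no-match case costs no network round trip. Full URL canonicalization (percent-decoding, IP hosts, fragment removal) is omitted, and the listed prefix is a constructed sample.

```python
import hashlib
from urllib.parse import urlsplit

def host_suffixes(host: str) -> list[str]:
    # Exact host plus up to four suffixes, from the last five components
    # down to the last two (the bare TLD is never used).
    parts = host.split(".")
    out = [host]
    for i in range(max(len(parts) - 5, 1), len(parts) - 1):
        suffix = ".".join(parts[i:])
        if suffix != host:
            out.append(suffix)
    return out

def path_prefixes(path: str, query: str) -> list[str]:
    # Exact path with query, exact path without query, then up to four
    # directory prefixes built from the root: "/", "/a/", "/a/b/", ...
    out = [f"{path}?{query}"] if query else []
    out.append(path)
    comps = [c for c in path.split("/") if c]
    dirs = comps if path.endswith("/") else comps[:-1]  # drop a trailing filename
    prefixes = ["/"] + ["/" + "/".join(dirs[:i]) + "/" for i in range(1, len(dirs) + 1)]
    for p in prefixes[:4]:
        if p not in out:
            out.append(p)
    return out

def url_expressions(url: str) -> list[str]:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return [h + p for h in host_suffixes(host)
            for p in path_prefixes(parts.path or "/", parts.query)]

def local_hits(url: str, listed_prefixes: set[bytes], prefix_len: int = 4) -> list[tuple[str, bytes]]:
    # A prefix hit is only a candidate: the client must still confirm the full
    # hash (with the server) before warning. No hit means the page is clear locally.
    hits = []
    for expr in url_expressions(url):
        digest = hashlib.sha256(expr.encode()).digest()
        if digest[:prefix_len] in listed_prefixes:
            hits.append((expr, digest))
    return hits

# Constructed sample list: pretend the host "b.c" (all paths) is listed.
SAMPLE_LIST = {hashlib.sha256(b"b.c/").digest()[:4]}

if __name__ == "__main__":
    for expr, _ in local_hits("http://a.b.c/1/2.html?param=1", SAMPLE_LIST):
        print("candidate match, needs full-hash confirmation:", expr)
```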

Chrome 122, which is rolling out starting next week, introduces an “asynchronous mechanism which will allow sites to load even while real-time checks with Safe Browsing servers are in progress,” thus reducing overall page load time. If nothing is found, you’ll browse like normal. However, when something is detected, the full-page Safe Browsing warning is shown.

In terms of preventing phishing and social engineering attacks, Google says it is “extremely unlikely a user would have significantly interacted with (e.g. typed in a password) such a site by the time a warning is shown.” It came to this conclusion after studying timing data.

Additionally, this new approach will let Google “experiment with and deploy novel AI and ML based algorithms to detect and block more phishing and social engineering attacks” without the risk of delaying page loads. 

Chrome will still maintain a “local Safe Browsing list of some sites which are known to deliver browser exploits” that’s checked synchronously.

Meanwhile, Safe Browsing previously “checked both top-level URLs as well as sub-resources.” The latter was once used to “distribute malware and exploit browsers at scale,” but that’s no longer the case:

In recent years, we’ve seen this attacker trend decline – large scale campaigns that exploit sub-resources are no longer common, making sub-resource checks less important. 

As such, Safe Browsing in Chrome will no longer check the URLs of sub-resources. Google has other security measures in place, including a “client-side visual ML model [that] can spot images used to create phishing pages.”

Google continues: “This means that Chrome clients now connect to Google less frequently, which reduces unnecessary network bandwidth cost for users. On the Safe Browsing side, the change allows us to drastically simplify detection logic and APIs, which helps improve infrastructure reliability and warning accuracy, thus reducing risk overall.”

Similarly, Google has “vastly reduced the frequency with which Chrome contacts Safe Browsing to check PDF downloads” — to the tune of “billions of times less often each week” — given that the file format isn’t being widely exploited anymore. The sandboxed Chrome PDF viewer serves as the countermeasure, and the malicious PDFs that do exist rely on web links, which send users back through Chrome’s existing protections.


Author: Abner Li, Editor-in-chief, 9to5Google.