Google Chrome’s Real-Time Phishing Protection
The Evolution of Safe Browsing
To understand this latest development in phishing protection, let’s first look at Safe Browsing.
Since 2007, Google Chrome has utilized Safe Browsing to protect users from harmful websites that distribute malware or engage in phishing activities. Safe Browsing checks if a website you’re visiting is on a local list of malicious URLs.
If it is, Chrome blocks the site and issues a warning.
However, the flaw with this local list is it can’t defend against newly detected threats.
Enhanced Safe Browsing and Privacy Tradeoffs
In 2020, Google introduced Enhanced Safe Browsing, offering real-time protection by checking sites against Google’s cloud database.
But offering this extra layer of security comes with a privacy tradeoff. Chrome will send the URLs you open back to Google for analysis and may send some page samples to detect new threats.
The transferred data is temporarily linked to your Google account for better threat detection. Meaning, your search data will be monitored if you turn on Enhanced Safe Browsing.
Real-Time Protection for Everyone
Now, here’s the exciting part.
Google is enhancing the Standard Safe Browsing feature by adding real-time protection.
Why? Because the locally hosted list is only updated every 30-60 minutes. The reality of many phishing domains is that they are only active for as little as 10 minutes. One of these domains could attack you and disappear before the local list is ever notified.
To bridge this gap, Google is upgrading Safe Browsing to check sites against their known bad sites in real time.
This will significantly narrow the window of vulnerability.
Balancing Privacy and Protection
So, what about privacy?
Google acknowledges our privacy concerns and is assuring users that their data being sent out will not be used for advertisements or other purposes.
For those who value privacy, Google uses Fastly Oblivious HTTP Relays, a privacy-preserving method that partially hashes URLs without exposing private data.
However, this method may not detect malicious URLs without prior identification by Google.
Making Informed Choices
The bottom line for businesses and Chrome users everywhere is that you will have some choices.
If you prioritize utmost protection and are willing to share some data, Enhanced Safe Browsing may be your choice.
If you value privacy, the Standard Safe Browsing with privacy-preserving relays is available too.
It’s about finding the right balance for your needs. As a business owner, you have options to tailor your security preferences while staying protected. Check your Google Chrome settings for which Safe Browsing option is on.
It’s worth noting that Google plans to publish a more detailed article on this new Safe Browsing feature in the coming months. So, be on the lookout for that.
In our professional opinion, Google’s introduction of real-time phishing protection in Chrome is a significant step forward in online security.
If it’s time to assess your business’s IT infrastructure and implement robust security awareness training, feel free to reach out and schedule a chat with an IT expert via the Calendly link below.
Check out our last video! ➡️ Shocking IBM Data Breach Exposes Patients
If it’s time to assess your business’s IT infrastructure and implement robust security awareness training, feel free to set up a call with one of our expert technicians via the Calendly link below. We’d be happy to discuss solutions with you.
Click here to schedule a free 15-minute meeting with Stan Kats, our Founder and Chief Technologist.
STG IT Consulting Group proudly provides IT Services for Small to Medium Businesses in Greater Los Angeles. We’d love to see if we can help you too!