Google introduced an enhanced iteration of Safe Browsing on Thursday. This development aims to protect users from visiting potentially malicious websites and offer real-time, privacy-preserving URL protection.

Google’s Jonathan Li and Jasika Bawa stated, “The Standard protection mode for Chrome on desktop and iOS will compare sites in real-time to Google’s server-side list of known malicious sites.”

Pro-Palestinian hackers assert that Viber was compromised.

“As soon as we determine that a website may be hazardous to you or your device, a warning will appear with additional details. Through real-time site monitoring, we anticipate thwarting 25% more phishing attempts.

Until now, the Chrome browser employed a locally-stored, every-30-to-60-minute-updated list of known hazardous sites, comparing each site visited to the database using a hash-based approach.

In September 2023, Google initially disclosed its intentions to transition to real-time server-side checks while maintaining the confidentiality of users’ browsing histories.

The search colossus stated that the change was necessitated by the rapid expansion of the list of malicious websites and the fact that sixty percent of fraud domains exist for less than ten minutes, rendering them difficult to block.

“Not all devices have the resources necessary to maintain this growing list, nor are they always able to receive and apply updates to the list at the frequency necessary to benefit from full protection,” according to the report.

Thus, in order to determine the status of a website, the new architecture verifies the URL against the browser’s global and local caches comprising known secure URLs and the results of previous secure Browsing checks each time a user attempts to visit the site.

…

In the event that the URL being accessed is not cached, a real-time verification process is initiated wherein the URL is obscured using 32-byte full hashes. These hashes are subsequently truncated into 4-byte long hash prefixes, encrypted, and transmitted to a privacy server.

“The privacy server removes potential user identifiers and forwards the encrypted hash prefixes to the Safe Browsing server via a TLS connection that mixes requests with many other Chrome users,” Google explained in detail.

Following this, the hash prefixes are decrypted by the Safe Browsing server, which then compares them with the server-side database in order to provide complete hashes of any hazardous URLs that match a hash prefix transmitted by the browser.

Ultimately, the complete hashes are compared against the complete hashes of the URL that was visited on the client side; if a match is detected, a warning message is presented.

A new data leak vulnerability known as GhostRace affects modern CPUs.

Google further verified that the privacy server functions as an Oblivious HTTP (OHTTP) relay, which is managed by Fastly. This relay is positioned between Chrome and the Safe Browsing server and stops the latter from accessing users’ IP addresses. As a result, the privacy server is incapable of correlating URL checks with an individual’s internet browsing history.

“Ultimately, Safe Browsing sees the hash prefixes of your URL but not your IP address, and the privacy server sees your IP address but not the hash prefixes,” according to the organization. “There is no individual party that possesses access to both your identity and the hash prefixes.” Consequently, your browsing history remains private.

source