In today’s digital world, we all face online threats every day. But, the difference between being protected from these threats and falling prey to them can be just a matter of minutes. To tackle this issue, Google has now introduced new security and privacy protections for Chrome users on both desktop and iOS. These new features are designed to be more efficient in detecting and blocking phishing attacks – in fact, Google claims that the new updates will result in a 25% increase in the number of phishing attacks that are detected and blocked by the browser.
For The Best Cyber Security, Time Is Of The Essence
According to statistics published March 14 by Google’s Chrome and Safe Browsing product managers, the average malicious site used by cybercriminals to steal your personal data and access your finances only “actually exists for less than 10 minutes.” That’s a huge window of opportunity for the criminals and a broken one for users hoping technologies such as Google’s Safe Browsing feature in the Chrome web browser will save them. But the tide is turning, and Google has announced a new upgrade to the Safe Browsing protection that hopes to turn that window of opportunity into the smallest of cracks.
To put this into some kind of context, Google says the standard protection mode of it’s Safe Browsing feature used a list of site addresses and files known to be of potential danger. That list was update every 30 to 60 minutes, which means that three malicious sites could have come and gone before Google, and the user, even knew about it. “To keep up with the increasing pace of hackers, we’re bringing real-time, privacy-preserving URL protection to Google Safe Browsing for anyone using Chrome on desktop or iOS,” Google has announced. Plus, we’re introducing new password protections on Chrome for iOS as another way to help you safely navigate the web.
This means that the 5 billion devices running the Chrome browser that has seen Safe Browsing assess in excess of 10 billion addresses and files each day—yes, you did read that right—and displayed more than 3 million alerts to users will now be protected in real time. “If we suspect a site poses a risk to you or your device,” Google says, “you’ll see a warning with more information. By checking sites in real-time, we expect to block 25% more phishing attempts.”
How Does The New Chrome Safe Browsing Feature Work?
The new functionality, which Google will be bringing to Android users later in the month, protects your privacy by using “encryption and other privacy-enhancing techniques,” Google says, “to ensure that no one, including Google, knows what website you’re visiting.”
Until now, Google has been checking the sites you visit against a locally stored database of malicious sites for both privacy and performance reasons. This listing process was updated every half hour to an hour.
“In order to transition to real-time protection,” Google says, “checks now need to be performed against a list that is maintained on the Safe Browsing server.” This server-side list will include malicious sites immediately after they are discovered. Google explains how this works as follows: When you visit a site, Chrome first checks its cache to see if the address of the site is already known to be safe. If the status is unknown a real-time check is carried out by first obfuscating the URL, converting it into 32-byte full hashes. These are then truncated into 4-byte long hash prefixes, which are encrypted by Chrome and sent to a privacy server where any potential user identifiers are removed before forwarding to the Safe Browsing server via a secure connection.
Using Oblivious HTTP To Preserve Privacy
“The Safe Browsing server decrypts the hash prefixes and matches them against the server-side database,” Google explains, “returning full hashes of all unsafe URLs that match one of the hash prefixes sent by Chrome.” If any unsafe matches are found a warning is displayed to the user. How private is all this? Google says it has partnered with the Fastly cloud platform to provide an Oblivious HTTP (OHTTP) privacy server operating between Chrome and Safe Browsing. “With OHTTP, Safe Browsing does not see your IP address, and your Safe Browsing checks are mixed amongst those sent by other Chrome users,” Google affirms, “this means Safe Browsing cannot correlate the URL checks you send as you browse the web.”
Google maintains privacy using a number of methods
For the full technical breakdown, refer to the Google posting, but be assured that “no single party has access to both your identity and the hash prefixes.”
The latest version of Chrome will be updated to make use of the new functionality. If this level of protection isn’t enough for you, then enable the Enhanced Protection mode that leverages AI models to block attacks and includes “deep file scans” for additional protection. Enhanced Protection also provides a defense against malicious Chrome extensions.
Google Introduces Enhanced Password Protection For iPhone Users
The icing on the security cake for iOS Chrome app users is that Google has also announced an update to the Password Checkup feature. This has been able to flag passwords that you are using if they are known to have been compromised and appear in dark web databases used by cybercriminals and hackers for a while now. However, Google has added two more functions to this already essential feature for Chrome iOS fans: an alert for weak passwords and another for reused ones.
