The pace of malicious websites stealing your information is getting ever faster. While Chrome’s Safe Browsing does a good job of issuing warnings for potential threats to your data like phishing sites, it’s simply not fast enough to quickly block the ever-growing number of rapidly built sites.
But Google has just introduced the answer in the form of real-time protection through Safe Browsing, which transforms how the service works to better secure anyone using the browser on desktop or iOS. Alongside this, the iPhone version is getting a useful update to the way it checks your passwords. Let’s get into the details.
Protecting your privacy in real-time
Currently, Chrome’s Safe Browsing mode is dependent on using a list stored on-device to check if a site could be a dangerous phishing attempt. This list is updated every 30-60 minutes by pulling the information from Google’s own server-side list.
However, the company has found that these risky sites can exist for less than 10 minutes — popping up, grabbing your information, and disappearing without a trace. So there needs to be a quicker solution, and that comes by relying on a quick check-in with the server-side list, rather than being limited to what’s on your device.
This makes for real-time analysis of any website for malicious intent, which will throw up the “Dangerous site” red screen that we all know well. There’s a lot of intricacy to how Google is pulling this off in a split second, but to summarize:
- If the site is not known by your cache to be safe, it’ll start the real-time check.
- Through a whole series of hashing, the URL is obfuscated, your data is encrypted and mixed up with many other Chrome users — the site will not pick up any unique identifiers about you or your device.
- This hash information is then fired up to Google’s servers, decrypted and checked by its list of unsafe websites.
- If a match is found, Google puts on the breaks with a Chrome warning screen.
A lot of what makes this possible is Google’s partnership with Fastly to bring an Oblivious HTTP (OHTTP) server to the party, which works alongside Chrome encrypting your data and mixes it with other Chrome users. That means everyone (not even Google) sees your IP address.
Password Checkup updates
If you use Chrome on iOS (welcome to the non-Safari family), you’re going to want to get the update that’s just dropped. Password Checkup just got a tasty update too, which expands it vastly to improve your account protections.
You see, over doing the check for compromised passwords, Chrome will also throw up an alert when you’ve used a weak or reused password to sign up for something. This can all be accessed by popping over to Safety Check in the settings.