Summary

  • Google Chrome’s latest update offers real-time phishing protection for faster loading and 25% more blocks.
  • Safe Browsing now checks threats on Google’s servers on the fly, reducing vulnerability to new phishing URLs.
  • New API enables real-time protection without privacy concerns, ensuring smooth performance on desktop and iOS.



Google Chrome wants to supercharge phishing protection with its latest update. The browser will check for new phishing and security threats in real-time as you visit new websites, rather than work with a downloaded list from Google servers. This makes it possible for sites to load faster all while blocking 25% more phishing attempts, as Google claims.


This real-time protection is achieved via Google’s Safe Browsing tool when used in Standard protection mode. Previously, this setting only worked with a local list of threats that was downloaded every 30 to 60 minutes. With the update, Standard protection now checks newly visited websites against threat lists on Google’s servers on the fly. In its research, Google found out that new phishing URLs could appear and disappear in time frames as short as 10 minutes, leaving users temporarily vulnerable when their local list isn’t updated.

Related

What’s new in Chrome 123: Android-style media player on desktop

Chrome 123 is working hard on feature parity across desktop and Android

Real-time checks like this were already available if you opted in to Safe Browsing’s Advanced protection mode. While it’s better at keeping malicious sites and phishing attempts at bay, it comes with privacy downsides of its own. It temporarily links URLs, samples of pages, downloads, and extension activity with your Google account when you’re signed in.



Thanks to a new API, Google can now offer the same real-time protection to those who use Standard protection without the privacy implications. This is achieved by obfuscating the URL you’ve visited before uploading it to a server that strips further potentially identifying properties from it. The hashed URL is then checked by Safe Browsing servers, without them being able to make a connection between the specific user and the URL.

Schematics explaining how Google's new privacy-first anti-phishing measures work
Source: Google

Google admits that this takes up a little more horsepower on your computer than the old method, but that the company “worked to make sure your experience remains smooth and speedy.” Google explains the whole process in more detail on its security blog.



The new protection features are rolling out to desktops and iOS first, with Chrome for Android following “later this month.” Chrome users on iOS additionally benefit from a tweak to the built-in Google Password Manager. Rather than just warning them about breached passwords, they will also see a note when some of their passwords are deemed insecure.