Google is switching all Chrome users to Enhanced Safe Browsing for real time Phishing protection

Key Highlights

1. Google is retiring the standard Safe Browsing feature in Chrome and switching all users to Enhanced Safe Browsing over the coming weeks.
2. Enhanced Safe Browsing offers real-time phishing and malware protection by checking sites against Google’s cloud database of threats. This eliminates the time lag of traditional Safe Browsing.
3. The change is controversial because Enhanced Safe Browsing sends all visited URLs to Google for vetting, raising privacy concerns. Users also cannot revert back to standard Safe Browsing anymore.

Google is retiring the standard Safe Browsing feature in Chrome and switching all users to Enhanced Safe Browsing in the coming weeks. This controversial move aims to provide real-time phishing and malware protection.

How Safe Browsing Works in Chrome

Since 2007, Chrome has utilized Safe Browsing to check visited websites against a local list of malicious URLs. If a match is found, the browser blocks the site and displays a warning.

However, this local list only updates every 30-60 minutes. So recently created phishing pages can slip through the cracks during this gap, leaving users exposed.

Enhanced Safe Browsing Eliminates Time Lag, But Raises Privacy Concerns

To close this vulnerability window, Google introduced Enhanced Safe Browsing in 2020. It offers real-time security by checking each site visit against Google’s cloud database of malicious URLs.

Also Read: Google Chrome will soon warn you when installed extensions are malware

“To block these dangerous sites the moment they launch, we’re upgrading Safe Browsing so it will now check sites against Google’s known-bad sites in real time,” says Google.

“By shortening the time between identification and prevention of threats, we expect to see 25% improved protection from malware and phishing threats.”

This eliminates the time lag of traditional Safe Browsing, improving phishing protection by 25% as per Google. But it comes at the cost of privacy, as Chrome now sends all visited URLs to Google for vetting. Google also states that browsing data may be temporarily associated with your account to detect targeted attacks.

No Option to Revert to Standard Safe Browsing

While Enhanced Safe Browsing was optional earlier, Google is now force-enabling it for all users in the coming weeks without the ability to go back to standard Safe Browsing. Google’s rationale is that 60% of phishing sites survive less than 10 minutes. So real-time blocking is essential for robust security.

This removal of choice and expanded data collection is likely to upset some privacy-focused users despite Google insisting the data is only used for security. It builds on existing concerns around Chrome browsing history being utilized for ads in Google’s Privacy Sandbox initiative.

The move highlights the delicate balance between privacy and security. While Safe Browsing does bolster real-time threat detection, many will see the forced activation as a step too far by Google.