New Update Optimizing Safe Browsing checks in Chrome

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,556
Balancing security and usability is always top of mind for us as we strive to stay on top of the constantly evolving threat landscape while building products that are delightful to use. To that end, we'd like to announce a few recent changes to how Chrome works with Google Safe Browsing to keep you safe online while optimizing for smooth and uninterrupted web browsing.

Asynchronous checks

Today, Safe Browsing checks are on the blocking path of page loads in Chrome, meaning that users cannot see pages until checks are completed. While this works fine for local-first checks such as those made using Safe Browsing API v4, it can add latency for checks made directly with the Safe Browsing server. Starting in Chrome 122, we will begin to introduce an asynchronous mechanism which will allow sites to load even while real-time checks with Safe Browsing servers are in progress. We expect this to reduce page load time and improve user experience as real-time server-side checks will no longer block page load, although if a site is found to be dangerous after the page loads then a warning will still be shown.

In addition to the performance boost, this change will let us improve the quality of protection over time. By taking the remote lookup outside of the blocking path of the page load, we're now able to experiment with and deploy novel AI and ML based algorithms to detect and block more phishing and social engineering attacks. It was previously challenging to perform such experimentation because of the potential to delay page loads.

In terms of potential risks, we evaluated the following and concluded that sufficient mitigations are in place:
  • Phishing and social engineering attacks: With the move to asynchronous checks, such sites may start to load while server-side Safe Browsing checks are in progress. We have studied the timing data and concluded that it is extremely unlikely a user would have significantly interacted with (e.g. typed in a password) such a site by the time a warning is shown.
  • Exploits against the browser: Chrome maintains a local Safe Browsing list of some sites which are known to deliver browser exploits, and we'll continue to check that synchronously. Besides this, we always recommend updating Chrome as soon as an update is available, to stay protected online.
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,380
The recent changes announced in the blog post aim to improve the performance and user experience of Google Safe Browsing in Chrome while maintaining a high level of security. Here are the key points:

1. Asynchronous Checks: Currently, Safe Browsing checks in Chrome block page loads until the checks are completed. This can cause latency for checks made directly with the Safe Browsing server. With the introduction of an asynchronous mechanism in Chrome 122, sites will be able to load even while real-time checks with the Safe Browsing servers are in progress. This change is expected to reduce page load time and improve user experience.

2. Improved Protection: By moving the remote lookup outside of the blocking path of the page load, Google can now experiment with and deploy novel AI and ML algorithms to detect and block more phishing and social engineering attacks. Previously, such experimentation was challenging due to the potential delay in page loads.

3. Mitigating Risks: The blog post addresses potential risks associated with the asynchronous checks. For phishing and social engineering attacks, it is highly unlikely that a user would significantly interact with a dangerous site (e.g., entering a password) by the time a warning is shown. Chrome will continue to maintain a local Safe Browsing list of sites known to deliver browser exploits, which will be checked synchronously. Additionally, users are encouraged to keep Chrome updated to stay protected online.

Overall, these changes aim to strike a balance between security and usability, allowing for faster page loads while still providing effective protection against online threats.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top