Google Safe Browsing is a service that allows developers and browsers to check if a URL contains malware or phishing content. The service relies on a list of URLs that are regularly updated based on data collected from users.
The list of browsers that rely on the Google Safe Browsing service includes Chrome, Safari, Vivaldi, Firefox, and GNOME Web. As you can see, Google Chrome is not the only browser using the service.
How Does Google Safe Browsing Work?
To use Safe Browsing, Chrome saves a series of mandatory cookies on your machine. Every time you visit a website, Save Browsing compares that URL against the list of URLs from its database. If any matches are found, you’ll get an alert. The type of alert you receive depends on the threat detected: malware, potentially unsafe scripts, phishing scripts, and other threats.
How to Enable Safe Browsing in Chrome
On Android and iOS
- Launch Chrome and tap More (the three dots).
- Then select Settings → Privacy and security.
- Tap Safe Browsing and enable the option.
- Launch Chrome and click on More (the three dots next to your account picture).
- Then go to Settings.
- Select Privacy and security, and then Security.
- After that, select the Safe Browsing protection level you want to use.
- Refresh the browser to apply the changes.
There are three protection levels available. Each level brings its own specific security features. Of course, if you don’t want to take any risks, enable Enhanced Protection.
Safe Browsing Enhanced Protection
This level offers proactive protection against malicious websites. In other words, Chrome will nip threats in the bud. Or as Google says:
Predicts and warns you about dangerous events before they happen.
You’ll receive alerts about potentially unsafe webpages, download files, and extensions. You’ll also get alerts about password breaches.
If you enable this option, keep in mind that Chrome will send your browsing data to Google. As Google explains:
Sends URLs to Safe Browsing to check them. Also sends a small sample of pages, downloads, extension activity, and system information to help discover new threats. Temporarily links this data to your Google Account when you’re signed in, to protect you across Google apps.
If you want to learn more about Enhanced Safe Browsing Protection in Chrome, check out this blog post from Google.
Safe Browsing Standard Protection
This option alerts you about any websites, downloads, and extensions confirmed to be dangerous.
URLs are analyzed and compared against the most recent copy of the Safe Browsing list stored locally on your system. So, there’s no direct connection to Safe Browsing’s servers for now. But if a website is trying to inject malware into your computer or steal your credentials, Chrome will send that URL to Safe Browsing’s servers.
You can enable a series of additional options, including alerts about password breaches.
By checking this option, you basically turn off Safe Browsing. Your computer won’t be protected against malicious websites. And Chrome won’t alert you about any cyber-threats.
We don’t recommend disabling Safe Browsing. If you’re worried about your browsing data being sent to Google, you can enable Standard Protection.
Safe Browsing Lookup API
Google also maintains the Safe Browsing Lookup API. Developers can use this security protocol to check URLs against Google’s lists of unsafe webpages. If an URL has been flagged as a phishing and deceptive website or as a webpage hosting malware, the API will return an Unsafe result.
Many users expressed their privacy concerns in regards to the Lookup API. This is because the protocol does not hash the URLs to be analyzed. As a result, the server knows what URLs API users have analyzed.
Safe Browsing Update API
On the other hand, if you’re a regular browser user, there’s nothing to worry about. Chrome uses the Safe Browsing Update API. This tool downloads an encrypted list of URLs (32-bit hash prefixes) on your computer. So when your browser checks an URL, the server doesn’t know what website is analyzed.
Furthermore, when Chrome sends a verification request to Google, it sends only the first 32 bits of an SHA-256 hash of that URL. Google cannot determine the complete URL based only on a partial URL fingerprint.
If you want to learn more about the Safe Browsing API, check out this support page from Google Developers.
⇒ Fun Facts:
- Did you know that Google updates the Safe Browsing list every 30 minutes?
- Google Safe Browsing protects over four billion devices every single day. Thanks, Google!