Google has announced a new measure against phishing that will send the URL of less popular sites to Google. The Google Chrome browser already has a technology called Safe Browsing that checks each URL visited with a list of known phishing sites. For privacy reasons, this check is done locally on the user’s computer. The list is updated every 30 minutes.
When the user visits a URL on the list, Chrome checks a partial URL-fingerprint, the first 32 bits of an SHA-256 hash of the URL, at Google.
In this way, it is checked whether it is indeed a phishing site. On the basis of this data, Google would not be able to determine the URL visited, as the tech company itself states. However, the time window of 30 minutes when the list is updated would ensure that some phishing sites are not detected.
The now announced “real-time phishing” protection should change this. This measure can inspect the visited URL in real-time.
As soon as Chrome users visit a website, the browser checks if it is on the “safe-list.” This is a locally stored list of thousands of popular websites that Google claims to be safe. If the visited site is not on this list of popular sites, Chrome will send the URL to Google. This would also alert users to new phishing sites.
The measure is first rolled out to users who have enabled the option “Improve Searches and Browsing Functionality.”
When you want to make sure to benefit from the Google Chrome real-time protection against phishing, turn on the Help improve Chrome security setting.
Enable real-time phishing protection
Open Google Chrome, in the top right corner select the Chrome menu (three vertical dots). Open Settings from the menu, in the search bar type: Help improve Chrome security and enable the slider for Help improve Chrome security.
Read more at Google’s blog post.
You might find these articles useful