Google Safe Browsing's new version provides real-time URL protection in Standard mode without compromising privacy.
Instead of relying on a locally-stored list of unsafe sites, Chrome now checks URLs against a constantly updated server-side list.
This method ensures protection against emerging threats that exist for less than 10 minutes, which the previous hash-based check missed.
To preserve privacy, Chrome truncates the URL's hashes into hash prefixes and encrypts them before sending them to a privacy server, which removes user identifiers and forwards them to Safe Browsing.
Safe Browsing checks the hash prefixes against its server-side database and returns the full hashes of matching unsafe URLs to Chrome, which compares them with the visited URL's full hashes to decide whether to show a warning.
The privacy server, operated by Fastly, does not see the hash prefixes, and Safe Browsing does not see the user's IP address, ensuring separation of data.
To maintain speed, Chrome checks against a local and global cache before performing real-time checks.
In case of unsuccessful real-time requests, Chrome falls back to hash-based checks.
Asynchronous loading mechanisms will be introduced to avoid blocking page load during real-time checks.
Enhanced Protection mode remains recommended for additional protection, as it uses machine learning models to protect against newly created or cloaked malicious sites.
Eligible developers can access these protections through the Safe Browsing API for non-commercial use cases.
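The lookup order described above (cache, then real-time prefix check, then fallback to the local list) is sketched below as an added example; it is not Chrome's or Google's code. SHA-256, the 4-byte prefix length, the simplified URL expressions, and all class and function names are assumptions for illustration, and the encryption and privacy-server relay are left out.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; assumed, the page does not state the prefix length


def sha(expr):
    return hashlib.sha256(expr.encode()).digest()


def full_hashes(url):
    """Full hashes of simplified URL expressions (host+path and host+'/')."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    return {sha(host + path), sha(host + "/")}


class ToyServer:
    """Stand-in for the server-side list; it only ever receives prefixes."""

    def __init__(self, unsafe_exprs, available=True):
        self.db = {sha(e) for e in unsafe_exprs}
        self.available = available
        self.seen = []  # everything clients have sent, for inspection

    def lookup(self, prefixes):
        if not self.available:
            raise ConnectionError("real-time check failed")
        self.seen.extend(prefixes)
        # Return every unsafe full hash sharing a requested prefix.
        return {h for h in self.db if h[:PREFIX_LEN] in prefixes}


def check_url(url, server, safe_cache, local_unsafe):
    """Return (verdict, path taken): cache -> real-time -> fallback."""
    hashes = full_hashes(url)
    if hashes & safe_cache:  # known-safe entry, no network request
        return "safe", "cache"
    prefixes = {h[:PREFIX_LEN] for h in hashes}
    try:
        candidates = server.lookup(prefixes)  # only prefixes leave the client
    except ConnectionError:
        # Fallback to the locally stored list (simplified to full hashes).
        return ("unsafe" if hashes & local_unsafe else "safe"), "fallback"
    # The verdict is decided on the client by comparing full hashes.
    return ("unsafe" if hashes & candidates else "safe"), "real-time"
```

The server object records only truncated prefixes in `seen`, which is the property the design relies on: the full URL hash is compared on the client, never sent.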
security.googleblog.com
