Chrome just got better at protecting you from scams, shady websites, bad passwords: Here's how

Chrome already deploys a host of protection techniques to protect users against malicious websites as they browse through the internet. Now, Google has announced that it is amping up the protection on Chrome by introducing new functionalities that protect users against internet-based threats in real-time.  The company today announced that it is upgrading the Standard Protection Mode of Safe Browsing on Chrome such that it will now check sites using Safe Browsing’s real-time protection protocol without sharing users’ browsing history with Google. This feature is being rolled out on Chrome for desktop, Android and iOS.

What happens right now is that Chrome protects users against dangerous sites and files using its Safe Browsing tool that discovers unsafe sites and adds them to its lists of harmful sites and files. One of these lists is stored on users’ devices. To make this process faster and for privacy reasons, Chrome first checks a site against the locally stored list, which gets updated every 30 to 60 minutes.

But now, malicious actors behind these unsafe sites have adopted a new trick. As Google points out, majority of these malicious sites exist for less than 10 minutes. This means by the time Google updates its list, a lot of these websites would have slipped through. And while Chrome can update the on-device list as soon as a shady website is detected, not all devices have the storage to deal with this amount of data. This is where Chrome’s new feature comes into picture.

How does Chrome’s new feature work?

Chrome now checks a website that is maintained on the Safe Browsing server. This list can grow as large as needed as it now maintained on one of Google‘s separate servers.

When a user visits a site, Chrome first checks it against the on-device list. If the visited website is not there it checks it against the list on the Safe Browsing server. To protect a user’s privacy, Chrome encrypts the data in a way that it removes potential user identifiers from the data it shares with the server to identify a malicious site. If any match is found, Chrome will show a warning.

Furthermore, Google has partnered with an edge cloud platform called Fastly to ensure that the Safe Browsing does not see the user’s IP address. This means that Google’s server cannot co-relate the request that it got with the user’s device. It also cannot access and share a user’s browsing history with Google.

Image: Google

Chrome on iOS is getting better too

Lastly, Google has also rolled out an update to Password Checkup tool on Chrome. Google says that Chrome will now display an alert whenever it detects an issue with a password that a user has entered. Simply put, Chrome will not only flag compromised passwords, but it will also flag weak and reused passwords to iOS users now.