Chrome is making a key change to protect you from phishing

Phishing campaigns — where a fraudulent website or email is made to look like it comes from a legitimate source — have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim. As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users. Previously, Enhanced Safe Browsing was an optional feature that could be manually enabled in Chrome’s settings. Now, however, it is going to become the default way to add protection against phishing attacks while using Chrome. That’s because Google will soon discontinue its old phishing protection feature called Safe Browsing. This ‘non-enhanced’ version stores a list of malicious websites locally on your computer and checks visited sites against that. The problem with this approach is that the list can’t detect phishing websites that launched after Safe Browsing was last updated. Google says that Safe Browsing’s database is updated every 30 to 60 minutes, but that’s not enough to keep you safe. According to a Google blog post, “60% of [phishing websites] exist for less than 10 minutes, making them difficult to block.” By switching to Enhanced Safe Browsing, Google says “we expect to see 25% improved protection from malware and phishing threats.” Discontinuing the old Safe Browsing feature and switching everyone to Enhanced Safe Browsing means you don’t need to rely on an outdated bank of nefarious websites, reducing the number of phishing attempts that go undetected. It follows other efforts from Google to fix vulnerabilities much faster than before. However, Enhanced Safe Browsing comes with a potential privacy trade-off. Since it uses a database stored on Google’s servers rather than on your local machine, it means that every URL you visit is sent to Google for checking. According to Bleeping Computer, “The feature will also send a small sample of pages to Google to discover new threats,” while “the transferred data is also temporarily linked to your Google account to detect if an attack targets your browser or account.” There is concern that Google could use this data for advertising purposes, given the search giant’s history of harvesting customer data and other questionable tactics. However, Google told Bleeping Computer that no data submitted through Enhanced Safe Browsing will be used for advertising or anything other than phishing protection. Google says that all users will start being moved over to Enhanced Safe Browsing “in the coming weeks.” If you use Google Chrome, you could soon get a new tool in the fight against phishing — provided it respects your privacy. There are probably hundreds of thousands of Google Chrome extensions out there, and with so many options to choose from, it can be hard to know whether the plugin you want to install is hiding malware nasties. That could become a thing of the past, though, as Google is testing a feature that will warn you if an extension you installed has been removed from its Chrome Web Store. Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates. The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.   With various cybersecurity threats on a constant rise, it certainly feels like dangerous malware is around every corner. This time, it found its way into PowerPoint presentations disguised as helpful guides on how to protect yourself against phishing. The irony of it all is strong, but the worst part is that this malware could help attackers empty your bank account.