Google today announced a significant update to its Chrome browser that aims to strike a balance between user protection and data privacy. The tech giant claims that its new real-time browsing protection feature for Chrome’s Standard mode can better safeguard users from potential threats while preserving their online anonymity.

For years, Chrome’s Safe Browsing feature has relied on a locally stored database of potentially unsafe URLs that is updated every 30 to 60 minutes. However, this approach has proven inadequate in today’s rapidly evolving threat landscape, where malicious sites often have a fleeting existence of less than 10 minutes. As a result, numerous unsafe sites have managed to slip through the cracks, leaving users vulnerable.

To address this issue, Google introduced an opt-in Enhanced protection mode for Safe Browsing, which taps into the company’s server-side database for real-time threat detection. However, this enhanced protection comes at the cost of users having to provide Google with more security-related data, raising privacy concerns for some individuals.

Enter Google’s latest solution: a revamped version of Safe Browsing that promises to deliver real-time protection while maintaining user privacy. At the heart of this new approach is an API that obfuscates the URLs of visited sites from Google itself.

Here’s how it works

When a user visits a site that cannot be found in Chrome’s local database, Google will send an encrypted version of the URL to Fastly’s independently operated privacy server. This server strips the URL of any potential user identifiers, such as IP addresses, and cannot decrypt the URL itself. It then forwards the anonymized URL to Safe Browsing’s server-side database via a secure connection that mixes the user’s request with those of other Chrome users, further obscuring the origin.

Safe Browsing can then decrypt the URL to its full hash form – which still conceals the actual URL – and check it against its extensive list of known threats. If a match is found, Google will receive only the encrypted hash form, allowing it to warn the user of the potential danger without ever gaining access to the user’s browsing activity or personal information.

According to Google, this process ensures that no single party can see both a user’s IP address and the URL’s hash prefixes, effectively preserving privacy throughout the entire sequence. At the same time, the company claims that this new real-time checking mechanism should enable it to block 25 percent more phishing attempts than before.

While both the Standard and Enhanced modes of Safe Browsing now offer real-time threat detection, Google maintains that the Enhanced version continues to provide an extra layer of protection. It includes additional features such as AI-powered attack prevention, deep file scans, and safeguards against potentially dangerous Chrome extensions.

The new real-time checking feature for Chrome’s Standard mode is currently available on desktop and iOS platforms, with an Android rollout scheduled for later this month. As the debate over online privacy and security rages on, Google’s latest move represents a concerted effort to address both concerns simultaneously, offering users a more robust line of defense against threats without compromising their right to anonymity.