Google Introduces Enhanced Real-Time URL Protection for Chrome Users

admin, March 20, 2024, 01:27:47

Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites.

"The Standard protection mode for Chrome on desktop and iOS will check sites against Google's server-side list of known bad sites in real-time," Google's Jonathan Li and Jasika Bawa said.

"If we suspect a site poses a risk to you or your device, you'll see a warning with more information. By checking sites in real time, we expect to block 25% more phishing attempts."

Up until now, the Chrome browser used a locally stored list of known unsafe sites that's updated every 30 to 60 minutes, and then leveraged a hash-based approach to compare every site visited against the database.

Google first revealed its plans to switch to real-time server-side checks without sharing users' browsing history with the company in September 2023.

The change, the search giant said, is motivated by the fact that the list of harmful websites is growing at a rapid pace and that 60% of the phishing domains exist for less than 10 minutes, making them difficult to block.

"Not all devices have the resources necessary to maintain this growing list, nor are they always able to receive and apply updates to the list at the frequency necessary to benefit from full protection," it added.

Thus, with the new architecture, every time a user attempts to visit a website, the URL is checked against the browser's global and local caches containing known safe URLs and the results of previous Safe Browsing checks in order to determine the site's status.

Should the visited URL be absent from the caches, a real-time check is performed by obfuscating the URL into 32-byte full hashes, which are then truncated into 4-byte long hash prefixes, encrypted, and sent to a privacy server.

"The privacy server removes potential user identifiers and forwards the encrypted hash prefixes to the Safe Browsing server via a TLS connection that mixes requests with many other Chrome users," Google explained.

The Safe Browsing server subsequently decrypts the hash prefixes and matches them against the server-side database to return full hashes of all unsafe URLs that match one of the hash prefixes sent by the browser.

Finally, on the client side, the full hashes are compared against the full hashes of the visited URL, and a warning message is displayed if a match is found.
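
The prefix lookup described above, as an added example that is not Chrome's or Google's code. It assumes SHA-256 as the 32-byte hash and a simplified set of host-suffix/path-prefix expressions, and it leaves out the encryption and the OHTTP relay; `ToyServer` and the sample URLs are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

def expressions(url):
    """Host-suffix/path-prefix expressions for a URL. Simplified assumption:
    real clients canonicalize first and cap the number of combinations."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    segs = [s for s in parts.path.split("/") if s]
    paths = ["/"] + ["/" + "/".join(segs[:i]) + "/" for i in range(1, len(segs))]
    if parts.path and parts.path not in paths:
        paths.append(parts.path)  # the exact path as requested
    return [h + p for h in hosts for p in paths]

def full_hash(expression):
    """32-byte full hash of one expression (SHA-256 assumed)."""
    return hashlib.sha256(expression.encode()).digest()

class ToyServer:
    """Hypothetical stand-in for the server-side list; it only ever sees prefixes."""
    def __init__(self, bad_expressions):
        self.db = {}    # 4-byte prefix -> full hashes of unsafe expressions
        self.seen = []  # every prefix batch received, for inspection
        for e in bad_expressions:
            self.db.setdefault(full_hash(e)[:4], []).append(full_hash(e))

    def lookup(self, prefixes):
        self.seen.append(list(prefixes))
        return [h for p in prefixes for h in self.db.get(p, [])]

def check_url(url, server):
    """Client side: send 4-byte prefixes, compare returned full hashes locally."""
    hashes = {full_hash(e) for e in expressions(url)}
    prefixes = sorted({h[:4] for h in hashes})
    candidates = server.lookup(prefixes)
    return any(c in hashes for c in candidates)  # True means show a warning

if __name__ == "__main__":
    server = ToyServer(["bad.example/login/"])  # constructed sample entry
    for u in ("http://login.bad.example/login/index.html", "https://good.example/"):
        print(u, "->", "WARN" if check_url(u, server) else "ok")
```

A prefix match alone never triggers a warning: the server can return full hashes for unrelated URLs that share a 4-byte prefix, and only the local full-hash comparison decides.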

Google also confirmed that the privacy server is nothing but an Oblivious HTTP (OHTTP) relay operated by Fastly that sits between Chrome and the Safe Browsing server to prevent the latter from accessing users' IP addresses, thereby preventing it from correlating the URL checks with a user's internet browsing history.

"Ultimately, Safe Browsing sees the hash prefixes of your URL but not your IP address, and the privacy server sees your IP address but not the hash prefixes," the company emphasized. "No single party has access to both your identity and the hash prefixes. As such, your browsing activity remains private."

References

[1] https://thehackernews.com/2024/03/google-introduces-enhanced-real-time.html

Originally published on the WeChat official account 知机安全: Google Introduces Enhanced Real-Time URL Protection for Chrome Users
