Google Safe Browsing

Last updated
Google Safe Browsing
Original author Google
Developer Google
Operating system Android, ChromeOS, Windows, macOS, iOS
Type Internet Security
Website safebrowsing.google.com

Google Safe Browsing is a service from Google that warns users when they attempt to visit a dangerous website or download dangerous files. As a core part of the service, Google maintains lists of URLs that contain malware or phishing content. [1] [2] This protection works across Google products, and Google says it "power[s] safer browsing experiences across the Internet". [3] Google provides public APIs for the service. [4] Web browsers including Google Chrome, [5] Safari, [6] Firefox, [7] Vivaldi, and Brave use Google Safe Browsing to check pages against potential threats. [8]

Contents

Google uses its Safe Browsing data to notify webmasters when their websites are compromised by malicious actors and helps them resolve the problem. [3] [9] Google also provides Safe Browsing information to Internet service providers by sending email alerts to autonomous system operators regarding threats hosted on their networks. [2]

As of September 2017, over 3 billion Internet devices used this service. [10] Alternatives are offered by both Tencent and Yandex. [11]

History

Google started working on Safe Browsing in 2005 as anti-phishing software. [12] Early versions included a browser extension for Firefox and labels for potentially malicious websites in Google Search results. [12] Google released its first Safe Browsing API for third-party applications in 2007. [13] Google integrated Safe Browsing into Chrome in 2008 and into Android and Google Play in 2011–2012. [12]

Privacy

Google Safe Browsing has been criticized for allowing Google to track users’ browsing behavior. Initial versions of Safe Browsing required the browser to transmit full URLs of websites to be checked, meaning that potentially all visited websites could be logged by Google. Additionally, in 2012, it was discovered the Safe Browsing integration into Apple's Safari web browser added a third-party cookie visible to Google for Safari users, even if they had not visited Google websites. [14]

Google now offers the "Update" API in addition to the "Lookup" API, using which the browser supplies part of a cryptographic hash of the URL in question, and Google responds with a set of matching URLs in its database. The browser is expected to cache these responses to avoid duplicate requests. [15] Since partial hashes are sent, the individual websites visited by the user cannot be identified from a request.

However, knowledge of the requesting IP address potentially allows detecting categories of websites or browsing behavior such as visiting multiple of a single company's websites or a group of related websites with high confidence. [16] Apple began anonymizing user IPs for Safe Browsing requests in the iOS version of Safari using a proxy server in 2021, which hides the true IP from Google, preventing cross-request correlation. [17] Google also started offering Oblivious HTTP access to its version 5 Safe Browsing API, which hides the requesting IP address. [18]

This functionality is used by Google’s own Chrome web browser for accessing Safe Browsing, [19] although Chrome also offers additional protection mechanisms beyond the Safe Browsing API available to third-party vendors. [20]

Criticism

In 2012, a security research company reported evidence that Google provided a more effective Safe Browsing service to Google Chrome users, compared to Firefox and Safari users. [21]

Websites that do not otherwise contain malware have been blacklisted by Google Safe Browsing due to the presence of infected display ads. Requesting removal from the blacklist requires the webmaster to create a Google Search Console account and wait several days for removal from the blacklist. [22]

There have also been concerns that Google Safe Browsing could be used for censorship, however as of 2016 this had not happened. [23] [24]

See also

References

  1. Schwartz, Barry (May 23, 2008). "Google's Safe Browsing Diagnostic Tool". Search Engine Land. Retrieved 2012-09-01.
  2. 1 2 Constantin, Lucian (Dec 2, 2011). "Google Safe Browsing Alerts Network Admins About Malware Distribution Domains". PCWorld.com. Retrieved 2012-09-01.
  3. 1 2 "Google Safe Browsing". Google. Retrieved 2025-09-20.
  4. "Google Safe Browsing". Google for Developers. Retrieved 2025-09-20.
  5. "Manage warnings about unsafe sites". Google Chrome Help. Archived from the original on 2025-09-04. Retrieved 2025-09-21.
  6. Cimpanu, Catalin (2021-02-12). "Apple will proxy Safe Browsing traffic on iOS 14.5 to hide user IPs from Google". ZDNET. Retrieved 2025-09-21.
  7. "How does built-in Phishing and Malware Protection work?". Mozilla Support. Mozilla Foundation. 2024-01-12. Retrieved 2025-09-20.
  8. Mathews, Lee (2019-06-20). "Google Wants Your Help Flagging Shady Websites". Forbes. Retrieved 2025-09-21.
  9. Li, Frank; Ho, Grant; Kuan, Eric; Niu, Yuan; Ballard, Lucas; Thomas, Kurt; Bursztein, Elie; Paxson, Vern (2016-04-11). "Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension". Proceedings of the 25th International Conference on World Wide Web. WWW '16. Republic and Canton of Geneva, CHE: International World Wide Web Conferences Steering Committee. pp. 1009–1019. doi:10.1145/2872427.2883039. ISBN   978-1-4503-4143-1.
  10. Somogyi, Stephan; Miller, Allison (2017-09-11). "Safe Browsing: Protecting more than 3 billion devices worldwide, automatically". The Google Blog. Retrieved 2025-09-20.
  11. Gerbet, Thomas; Kumar, Amrit; Lauradoux, Cedric (June 2016). "A Privacy Analysis of Google and Yandex Safe Browsing" (PDF). 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Toulouse, France: IEEE. pp. 347–358. doi:10.1109/DSN.2016.39. ISBN   978-1-4673-8891-7. S2CID   17276613.
  12. 1 2 3 Newman, Lily Hay (2018-07-17). "How Google's Safe Browsing Helped Build a More Secure Web". Wired. ISSN   1059-1028 . Retrieved 2025-09-21.
  13. Naraine, Ryan (2007-06-18). "Google releases Safe Browsing API". ZDNET. Retrieved 2025-09-21.
  14. ashkansoltani (2012-02-25). "Cookies from Nowhere". Ashkan Soltani. Retrieved 2025-10-22.
  15. "Overview | Safe Browsing APIs (v4)". Google for Developers. Retrieved 2025-10-22.
  16. "How safe browsing fails to protect user privacy". The Trail of Bits Blog. 2019-10-30. Retrieved 2025-10-22.
  17. "Apple will proxy Safe Browsing traffic on iOS 14.5 to hide user IPs from Google". ZDNET. Retrieved 2025-10-22.
  18. "Overview | Google Safe Browsing". Google for Developers. Retrieved 2025-10-22.
  19. Amadeo, Ron (2024-03-15). "Google says Chrome's new real-time URL scanner won't invade your privacy". Ars Technica. Retrieved 2025-10-22.
  20. "How Chrome Safe Browsing keeps your browsing data private - Android - Google Chrome Help". support.google.com. Archived from the original on 2025-10-10. Retrieved 2025-10-22.
  21. Bott, Ed (2012-02-06). "Did Google withhold malware protection details from partners?". ZDNET. Retrieved 2025-09-21.
  22. Paul, Venezia. "Google Safe Browsing Makes the Innocent Look Guilty". PCWorld. Archived from the original on 23 June 2021. Retrieved 2018-07-29.
  23. Epstein, Robert (22 June 2016). "The New Censorship". U.S. News and World Report. Retrieved 2025-09-20.
  24. Gerbet, Thomas (2015). Safe Browsing Services: to Track, Censor and Protect (report thesis). INRIA. pp. 7–8. Retrieved 21 September 2025.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.