Safe Browsing protectionGoogle Chro

Safe Browsing protection
Google Chrome includes an optional feature called "Safe Browsing" to help protect you against phishing, social engineering, malware, unwanted software, and abusive websites or extensions. This protection helps prevent evil-doers from tricking you (social engineering) into sharing personal information with them (phishing) or installing malicious software on your computer (malware). Safe Browsing also helps protect you from websites and extensions that abuse browser functionality to steal your data, corrupt your browser environment, or spam you with unwanted interactions. Safe Browsing is designed specifically to protect your privacy and is also used by other popular browsers.

If you'd rather not send any information to Safe Browsing, you can also turn these features off. Please be aware that if you do disable this feature, Chrome will no longer be able to protect you from websites that try to steal your information or install harmful software if you disable this feature. We really don't recommend turning it off.

Safe Browsing is able to protect users by collecting anonymous metrics to establish a baseline for what websites’ behavior or permissions may be harmful to users. Any data collected for this baseline that are specific to you or the websites you visited are randomized, constructed in a manner that ensures differential privacy, permitting only monitoring of aggregate statistics that apply to thousands of users at minimum. The reports are an instance of Randomized Aggregatable Privacy-Preserving Ordinal Responses, whose full technical details have been published in a technical report and presented at the 2014 ACM Computer and Communications Security conference. In particular, this means that Google cannot see from the reports which website you may have visited. This data is used only to improve Safe Browsing protection.

When Safe Browsing is enabled in Chrome, Chrome will contact Google's servers periodically to download the most recent Safe Browsing list, containing unsafe sites including phishing, social engineering and malware sites as well as sites that lead to unwanted software. The most recent copy of this list is stored locally on your system. Chrome will check the URL of each site you visit or file you download against this local list. If you navigate to a URL that matches against the local known-bad list, Chrome sends a partial URL fingerprint (the first 32 bits of a SHA-256 hash of the URL) to Google for verification that the URL is indeed dangerous. Chrome will also send a partial URL fingerprint when a site requests a potentially dangerous permission, so that Google can protect you if the site is malicious. Google cannot determine the actual URL from this information.

In addition to the URL check described above, Chrome also conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the the website should be considered malicious.

If you have also opted-in to sending usage statistics in Chrome and you visit a site or download a file that Chrome has determined could be potentially harmful, Chrome will send certain additional data to Google, including the full URL that matched the Safe Browsing list or appeared as a phishing site and the referrer URL chain.

If you encounter a website that is on Chrome’s Safe Browsing list, you will see a warning like the one pictured below. From that warning screen, you can additionally choose to opt into reporting security incidents to help improve Safe Browsing. This information will be sent every time you receive a warning or visit a suspicious page. This information is used solely to improve how Safe Browsing protects you and all its users from harmful sites. This data is sent to Google over SSL, and does not include any data originally sent over HTTPS except the URLs and referrers of requests, and does not include data from sites you visit in Incognito mode.

You can see how this warning might look below (e.g. on a Mac) or by visiting our test page. The phishing warning will look different.