Google is adjusting its Safe Browsing system to increase Chrome’s performance. You’ll still see a red warning label when visiting dangerous websites, but Safe Browsing will not contribute to page load times. This change is introduced in Chrome 122, which begins rollout the week of February 18th.
Since its inception, Safe Browsing has been a “blocking path” in Chrome’s page loading process—Chrome will not load a website until the Safe Browsing check is complete. This isn’t a problem when performing local checks with the Safe Browsing API, but some URLs must be relayed and processed by Google’s Safe Browsing servers. Chrome is forced to wait for a response from the Safe Browsing servers, and as a result, web pages appear to load more slowly.
The Chrome 122 update introduces “asynchronous” Safe Browsing checks. Essentially, Chrome will begin loading a page before it receives a response from the Safe Browsing system. Trustworthy sites should load more quickly, as Safe Browsing no longer acts as a barrier. If you visit an untrustworthy site, you’ll encounter the infamous red warning label, but it may appear after the site has finished loading.
This is a clear and intentional loosening of the Safe Browsing system. However, Google says that asynchronous checking will not reduce user security. The Safe Browsing relay is fast enough to serve a warning before users can interact with any unsavory elements on a web page. If you visit a fake version of your banking website, for example, Safe Browsing should catch you before you type out any login credentials.
Browser exploits, which may be delivered when loading a website, could take advantage of the asynchronous loading method. So, Chrome will continue using old-fashioned “synchronous” checks for such exploits. This doesn’t have a noticeable impact on page load times, as Chrome maintains a client-side database of sites that are known to utilize browser exploits.
Chrome is also eliminating sub-resource Safe Browsing checks. It will simply check the URL of the website you’re visiting, rather than the URLs of images, scripts, and other items. Sub-resources used to be a popular vector for malware, though this trend has greatly declined. Going forward, Chrome will use client-side technologies to identify malicious sub-resources. Such technologies already exist within the Chrome browser.
And, interestingly, Chrome has reduced the frequency at which it checks PDF downloads. Google claims that PDFs are no longer a primary vehicle for malware, and Chrome’s integrated PDF viewer is sandboxed, so safety checks are far less necessary.
These changes will be introduced in the Chrome 122 update. Again, Google claims that the loosened Safe Search system will not impact user security, though this remains to be seen. Note that these changes only affect Chrome’s Safe Search protocol. Other browsers that tap into the Safe Search database, such as Firefox, will continue checking URLs as they see fit.
Source: Google
