Google Chrome 92 Comes With “Up To 50 Times Faster” Phishing Detection Thanks To Improvements To Its Image Processing Technology

Google Chrome now ships with up to 50 times faster phishing detection from the latest version 92, which was promoted to the stable channel on Tuesday.

The faster detection of phishing sites is a result of improvements to Chrome image processing technology used to compare the color profiles of visited websites with collections of signals associated with phishing landing pages.

Every time you navigate to a new page, Chrome evaluates a set of signals about the page to see if it matches those from phishing sites. To do this, Chrome compares the color profile of the page visited – that is to say the range and frequency of the colors present on the page – with the color profiles of the current pages. For example in the image below, we can see that the colors are mostly orange, followed by green and then a touch of purple.
If the site is a known phishing site, Chrome warns you to protect your personal information and prevent you from exposing your credentials.
To protect your privacy, by default, Chrome’s safe browsing mode does not send any images outside of the browser. While this is great for privacy, it does mean that your machine has to do all the work to analyze the image.

Image processing can often be heavy workloads because image analysis requires an evaluation of each pixel in what is commonly referred to as a “pixel loop”. Some modern monitors display over 14 million pixels, so even simple operations on each of those pixels can be a lot of CPU usage! For phishing detection, the operation performed on each pixel is the counting of its base colors.

Here is what it looks like. Counts are stored in an associative data structure called a hashmap. For each pixel, Chrome extracts its RGB color values ​​and stores the counts in one of 3 different hash maps – one for each color.

What you'll see if a phishing attempt is detected
What you’ll see if a phishing attempt is detected

To protect your privacy, by default, Chrome’s safe browsing mode does not send any images outside of the browser. While this is great for privacy, it does mean that your machine has to do all the work to analyze the image.

Image processing can often be heavy workloads because image analysis requires an evaluation of each pixel in what is commonly referred to as a “pixel loop”. Some modern monitors display over 14 million pixels, so even simple operations on each of those pixels can be a lot of CPU usage! For phishing detection, the operation performed on each pixel is the counting of its base colors.

Here is what it looks like. Counts are stored in an associative data structure called a hashmap. For each pixel, Chrome extracts its RGB color values ​​and stores the counts in one of 3 different hash maps – one for each color.

Google chrome phishing detection fraud security-2

“As of M92, Chrome now performs an image-based phishing classification up to 50 times faster at the 50th percentile and 2.5 times faster at the 99th percentile,” said Olivier Li Shing Tat-Dupuis, developer of Chromium.

“On average, users will get their phishing classification results after 100 milliseconds, instead of 1.8 seconds. This benefits you in two ways when using Chrome. First, using less CPU time to do the same job improves overall performance. Less CPU time means less battery drain and less time with rotating fans.

“Second, getting results faster means Chrome can notify you sooner. Optimization reduced the percentage of requests that took more than 5 seconds to process from 16.25% to less than 1.6%. This speed improvement makes a real difference in security – especially when it comes to preventing yourself from entering your password on a malicious site!

“Overall, these changes reduce the total CPU time used by all Chrome renderers and utility processes by almost 1.2%.”

Chrome 92 also includes security updates for 35 high, medium and low severity vulnerabilities.

Site isolation

The isolation of sites, with sites that are treated separately so that they cannot access data created by another site and stored by the browser, is extended. This applies in particular to extensions so that they cannot share processes with each other. It is a security feature to be seen in the context of malicious sites and extensions.

Introduced with version 87 of Google Chrome, Chrome Actions allow you to perform certain tasks directly from the address bar, for example to clear browsing data with a button that appears in autocomplete suggestions after have entered delete.

“Chrome’s site isolation is an essential security defense that makes it harder for malicious websites to steal data from other websites. On Windows, Mac, Linux, and Chrome OS, Site Isolation protects all websites from each other and also ensures that they don’t share processes with extensions, which are more privileged than websites. Starting with Chrome 92, we will start to extend this capability so that extensions can no longer share processes with each other. This provides an additional line of defense against malicious extensions, without removing existing extension capabilities.

“Meanwhile, site isolation on Android is currently focused on protecting high-value sites to reduce performance overhead. Today we are announcing two site isolation improvements that will protect more sites for our Android users. Starting with Chrome 92, site isolation will apply to sites where users sign in through third-party providers, as well as sites with Cross-Origin-Opener-Policy headers.

“Our ongoing goal with Site Isolation for Android is to provide additional layers of security without compromising the user experience for devices with limited resources. Site isolation for all sites is still too expensive for most Android devices. Our strategy is therefore to improve heuristics to prioritize the sites that benefit the most from additional protection. So far, Chrome has isolated sites where users log in by entering a password. However, many sites allow users to authenticate to a third-party site (for example, sites offering “Sign in with Google”), perhaps without the user ever entering a password. This is most often accomplished with the industry standard OAuth protocol. Starting with Chrome 92, site isolation will recognize common OAuth interactions and protect sites that rely on an OAuth-based login, so user data is safe no matter how the user chooses to. to authenticate.

“In addition, Chrome will now trigger site isolation based on the new Cross-Origin-Opener-Policy (COOP) response header. Supported since Chrome 83, this header allows security-conscious website operators to request a new group of navigation contexts for certain HTML documents. This allows the document to better isolate itself from untrusted origins, preventing attackers from referencing or manipulating the site’s top-level window. It is also one of the required headers to use powerful APIs like SharedArrayBuffers. Starting with Chrome 92, site isolation will treat non-default COOP header values ​​on any document as a signal that the document’s underlying site may contain sensitive data and will start to isolate these sites. Thus, site operators who wish to ensure that their sites are protected by Site Isolation on Android can do so by broadcasting COOP headers on their sites ”.

Faster and faster with each version

Google has been working on improving the performance of its web browser for some time, recently announcing a significant performance boost in Chrome 91 due to improvements to the open source JavaScript engine and WebAssembly V8.

Chrome runs JavaScript code 23% faster with the inclusion of a new JavaScript compiler and the use of a new way to optimize the location of code in memory, as revealed by Google.

Starting with Chrome 89, released in March, Chrome’s browser process now requires up to 22% less memory on Windows after adding 8% memory savings in the renderer and around 3% in the GPU, while improving overall web browser responsiveness by up to 9%.

Finally, in Chrome 87, Google further optimized browser performance, resulting in 25% faster starts and 7% faster page loads.

Google Chrome also offers up to 10% faster page loads from version 85 using the compiler optimization technique known as Profile Guided Optimization (PGO).