To keep your data private, Google Chrome uses Safe Browsing to protect you against:
- Abusive websites and extensions
- Malicious and intrusive ads
- Malware
- Phishing
- Social engineering
Standard protection
With standard protection, Chrome checks the sites that you go to, the extensions that you have installed and the files that you attempt to download against Google's list of unsafe sites and downloads. Sites and downloads on this list are associated with abusive websites and extensions, malicious and intrusive ads, malware, phishing and social engineering. Chrome periodically downloads and stores the most recent copy of this list on your device. It also stores a list of sites known to be safe.
Each time that you visit a website or attempt a download, Chrome first checks if the URL is on the list of safe sites stored on your device. If it's not, Chrome sends an obfuscated portion of the URL to Google through a privacy server that hides your IP address. If Google confirms that the website or download is malicious, Chrome warns you that it may be dangerous. If you have an abusive or malicious extension installed, Chrome disables it. In some cases, if the request to the privacy server fails or you're browsing in Incognito mode, the site gets checked against the list of unsafe sites stored on your device instead of the list stored with Google. In these cases, if there's evidence of suspicious behaviour, Chrome sends an obfuscated portion of the URL to Google.
In addition to the protections described above, Chrome will send a report to Google if it finds suspicious page behaviour or suspicious actions that you may have been tricked into performing. For example, when you enter a previously saved password on a new site, Chrome checks with Google to determine whether the page might be phishing, a type of social engineering attack used to steal your data. If it's determined that the site is phishing, Chrome asks you to check or change your password.
Sites are checked for phishing and social engineering terms. Chrome sends a small set of visual features to Google and compares the site to a list of dangerous sites to determine whether it's malicious. Some security features are disabled in Incognito to prevent revealing additional data to Google.
You can opt in to extra features that share more of your data with Google to help improve security for you and for all Chrome users.
- Help improve security on the web for everyone: When 'Help improve security on the web for everyone' is turned on, Chrome reports headers and snippets of content from the page to help improve Safe Browsing and security on the Internet. If you select enhanced protection, this setting is automatically on and can't be turned off.
- Warn you if passwords are exposed in a data breach: When 'Warn you if passwords are exposed in a data breach' is turned on, Chrome sends a hashed copy of your username and password to Google. This information is encrypted with a secret key known only to Chrome to check if your passwords were compromised in a password breach. If you select enhanced protection, this setting is automatically on and can't be turned off.
Enhanced protection
Enhanced protection sends more information about your activity to Google in real time to offer stronger, more customised protection. This information includes the URLs that you visit and a small sample of page content, downloads, extension activity and system information.
Enhanced protection includes the default and optional features included in standard protection. Enhanced protection uses the extra information to warn you about:
- Risky sites: Chrome analyses data from sites that you visit to detect and warn you about potentially risky sites and iframes, even if Google didn't know about them before.
- Dangerous downloads: You can choose to send suspicious files to Google for additional scans to detect malware. These scans help find new malware or dangerous files hosted on a new site.
- Untrusted extensions: Chrome warns you when an extension you want to install isn't trusted by the Chrome Web Store.
If you're signed in, enhanced protection does even more. It protects you across other Google apps where you're signed in by linking data across your Google Account. For example, if we find phishing attempts in your Gmail, we increase your protection as you open sites and downloads in Chrome. Enhanced protection will not slow down your browsing experience.
With standard and enhanced levels of protection, Safe Browsing data is only used to protect and improve security for you and other web users.
With standard protection:
- Chrome hides your IP address by sending an obfuscated portion of the URLs that you visit through a third-party privacy server before forwarding it to Google. This way, Google and the third party that operates the privacy server can't associate a real URL with your IP address.
- Chrome only sends additional data when there is evidence of a security incident.
- If suspicious behaviour is detected, Chrome sends obfuscated or full URLs and bits of page content directly to Google Safe Browsing. For example, if you reuse a previously saved password on an uncommon site or if a site doesn't pass a phishing-detection check, a full URL may be sent with the report.
With enhanced protection:
- Chrome sends additional data when it doesn't have information about the site that you're about to visit.
- Chrome sends URLs and bits of page content to Google Safe Browsing.
- You get the highest safety available in Chrome to protect you from things like malicious actors, malware and phishing attacks.
You can choose your level of Safe Browsing and how much of your data is sent to Google to improve security for you and other web users. You can always choose to visit an unsafe site or download a dangerous file after you get a warning from Chrome.
Change your Safe Browsing settings
Important: If you turn off Safe Browsing, Chrome can't protect you from websites that try to steal your information or install harmful software. We recommend some level of protection.
Computer
- On your computer, open Chrome.
- At the top right, select More Settings Privacy and security Security.
- Select the level of protection that you want to use.
Android
- On your Android device, open Chrome .
- At the top right, tap More Settings Privacy and security Safe Browsing.
- Select the level of protection that you want to use.
iOS
- On your iPhone or iPad, open Chrome .
- At the bottom right, tap More Settings Privacy and security Safe Browsing.
- Select the level of protection that you want to use.
Change your 'Help improve security' settings
If you select standard protection, you can choose whether 'Help improve security on the web for everyone' is turned on or off. With enhanced protection, this feature is on by default and can't be turned off.
Computer
- On your computer, open Chrome.
- At the top right, select More Settings Privacy and security Security.
- Under 'Standard protection', turn Help improve security on the web for everyone on or off.
Android
- On your Android device, open Chrome .
- At the top right, tap More Settings Privacy and security Safe Browsing.
- Under 'Standard protection', turn Help improve security on the web for everyone on or off.
iOS
- On your iPhone or iPad, open Chrome .
- At the top right, tap More Settings Privacy and security Safe Browsing.
- Tap Standard protection .
- Turn Help improve security on the web for everyone on or off.
Change your Make searches and browsing better settings
When 'Make searches and browsing better' is turned on, Chrome sends URLs of the pages that you visit to improve your browsing experience and security. Learn more about URLs from private browsing activity and Incognito mode.
Computer
- On your computer, open Chrome.
- At the top right, select More Settings You and Google Sync and Google services.
- Turn Make searches and browsing better on or off.
Android
- On your Android device, open Chrome .
- At the top right, tap More Settings Google services.
- Turn Make searches and browsing better on or off.
iOS
- On your iPhone or iPad, open Chrome .
- At the bottom right, tap More Settings Google Services.
- Turn Make searches and browsing better on or off.