Google says the latest version of Chrome detects phishing scams 50 times faster than its predecessor.
This dramatic improvement means users of Chrome 92, which was released on Tuesday (July 20), will be warned more quickly that they’ve unwittingly navigated to a malicious domain, claims the tech giant.
Users will on average “get their phishing classification results after 100 milliseconds, instead of 1.8 seconds”, explained Chrome developer Olivier Li Shing Tat-Dupuis in a blog post.
“This speed improvement makes a real difference in security – especially when it comes to stopping you from entering your password in a malicious site!”
Li Shing Tat-Dupuis says the streamlined detection algorithm also eases the burden on CPU time and therefore drains less battery power.
Color me good
Chrome’s development team achieved this through computational tweaks to how Chrome compares a web page’s color profile – comprising the range and frequency of colors presented – to those of known phishing domains.
Chrome’s phishing detection feature counts the basic colors in each pixel and stores the counts in one of three associative data structures called ‘hashmaps’ (for red, green, and blue colors).
The algorithm has been updated to abandon tracking red-green-blue channels in three different hashmaps in favor of “only one to index by color” – slashing counting volumes by a factor of three.
“Consecutive pixels are summed before being counted in the hashmap,” said Li Shing Tat-Dupuis. “For a site with a uniform background color, this can reduce the hashmap overhead to almost nothing.”
CPUnburdened
This streamlines image processing, which “can often generate heavy workloads” for CPUs given “some modern monitors display upwards of 14 million pixels”, said the Chrome developer.
When Safe Browsing mode is enabled, images are analyzed by the user’s machine rather than outside of the browser in order to preserve privacy.
The optimized phishing mechanism has cut CPU time used by Chrome renderer and utility processes by 1.2%.
“Chrome now executes image-based phishing classification up to 50 times faster at the 50th percentile and 2.5 times faster at the 99th percentile,” said Li Shing Tat-Dupuis.
Source: https://portswigger.net/daily-swig/google-supercharges-chromes-phishing-detection-mechanism