Google Chrome includes an optional

Google Chrome includes an optional feature called "Safe Browsing" to help protect you against phishing and malware attacks. This helps prevent evil-doers from tricking you into sharing personal information with them (“phishing”) or installing malicious software on your computer (“malware”). The approach used to accomplish this was designed specifically to protect your privacy and is also used by other popular browsers.

If you'd rather not send any information to Safe Browsing, you can also turn these features off. Please be aware that Chrome will no longer be able to protect you from websites that try to steal your information or install harmful software if you disable this feature. We really don't recommend turning it off.

When Safe Browsing is enabled in Chrome, Chrome will contact Google's servers periodically to download the most recent Safe Browsing list, containing suspected phishing and malware sites. The most recent copy of this list is stored locally on your system. Chrome will check the URL of each site you visit or file you download against this local list. If you navigate to a URL that matches against the local known-bad list, Chrome sends a partial URL fingerprint (the first 32 bits of a SHA-256 hash of the URL) to Google for verification that the URL is indeed dangerous. Google cannot determine the full URL from this information.

If a URL was indeed dangerous, Chrome reports this anonymously to Google to improve Safe Browsing. The data sent is randomized, constructed in a manner that ensures differential privacy, permitting only monitoring of aggregate statistics that apply to tens of thousands of users at minimum. The reports are an instance of Randomized Aggregatable Privacy-Preserving Ordinal Responses, whose full technical details have been published in a technical report and presented at the 2014 ACM Computer and Communications Security conference. This means that Google cannot infer which website you have visited from this.

In addition to the URL check described above, Chrome also conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the the website should be considered malicious.

If you have also opted-in to sending usage statistics in Chrome and you visit a site or download a file that Chrome has determined could be potentially harmful, Chrome will send certain additional data to Google, including the full URL that matched the Safe Browsing list or appeared as a phishing site and the referrer URL chain.

If you encounter a website that is on Chrome’s Safe Browsing list, you will see a warning like the one pictured below. From that warning screen, you can choose to have Chrome send additional information to Google to help improve Safe Browsing, such as the content of the suspicious page. This information can be used by Google to verify whether the site may still be harmful to future users. While opted-in to help improve Safe Browsing, this information will be sent every time you receive a malware warning. This data is sent to Google over SSL, and does not include any data originally sent over HTTPS except the URLs and referrers of requests, and does not include data from sites you visit in Incognito mode.

You can see how this warning might look below (e.g. on a Mac) or by visiting our test page. The phishing warning will look different.