Google Safe Browsing is a set of policies to help users remain protected and aware of potential security threats when using Google products. Google has offered Safe Browsing protections since 2005, and most users are familiar with the cautionary notice that precedes potentially dangerous websites.
This article provides an overview of Google Safe Browsing and why it matters for cybersecurity, as well as cybersecurity risks that website administrators can remedy if Safe Browsing protections flag concerns for your website.
What is Google Safe Browsing?
Google Safe Browsing is a set of protections to defend internet users from online threats. Safe Browsing policies notify users about malware hosted on a website, unwanted software, malicious downloadable executables, and sites known for social engineering and phishing. Deceptive sites and unwanted software can lead to data leaks and negative impact on your device's computing power.
The Safe Browsing services are available across five of Google's product areas:
- Google Chrome and Chromium-based browsers such as Mozilla Firefox, Safari, and Brave
- Android mobile devices and Google Play applications for smartphones (Android and iOS)
- Google Search
- Google Ads
- Gmail email security
These policies are available by default when using Google services, but individual users can also set up the Enhanced Safe Browsing protocol for their personal Google account or Chrome-based web browsers if they wish to benefit from tailored protections and additional checks.
Most internet users will recognize the Safe Browsing warning issued when Google Safe Browsing identifies a harmful site. These warnings can appear both when visiting a harmful website and when a potentially harmful site appears in Google Search results. Users can then make a more informed decision about whether they wish to access the site anyway.
The warning also appears in the URL address bar where users might otherwise receive the HTTPS padlock icon.
Google offers two methods (one commercial and one non-commercial) for web developers to work with Safe Browsing policies. The Web Risk API empowers developers to build commercial applications in Google Cloud that can check URLs against the list of unsafe resources. The Safe Browsing API is available for non-commercial purposes.
Google Safe Browsing protects over five billion devices with automated warning notifications for users as they navigate the web. If a site is hacked, then Google Safe Browsing will also notify the website owner of the attack so they can run diagnostics to remedy issues. This information is available in the Webmaster Tools interface for sites registered with Google.
Google Safe Browsing Risk Findings
You can also use automated tools like UpGuard BreachSight that integrate with Google's APIs to pair the data from Safe Browsing checks with other cybersecurity threat identification.
BreachSight refers to the Google Safe Browsing list of potentially dangerous sites to inform website administrators of the following risk findings as each relates to the primarily risk identification performed by Safe Browsing protections:
- Suspected phishing page
- Suspected malware provider
- Suspected of unwanted software
A Suspected phishing page finding means the website has been identified with suspicious activity that may lead to a social engineering attack. If a domain is flagged for suspected phishing, it means that someone is sending emails from that domain and the recipients have reported the emails as phishing attempts.
If you receive a Suspected malware provider finding, then your website appears on the Safe Browsing list of sites that distribute malware. A site flagged for malicious file distribution does not comply with software guidelines or other suspicious activity on the domain has been reported by users.
The Suspected of unwanted software finding indicates that the website appears on the list of sites distributing unwanted software. Similar to malware distribution, unwanted software negatively affects the user's experience through deceptive or unexpected means. Though it is less harmful than malware, unwanted software is still a problem to be remedied by the website administrator during any website clean-up tasks.
If your website returns any of these findings, take action to protect users and stop unauthorized behavior by malicious actors.
How to Resolve Safe Browsing Risks
If you have received one of the Safe Browsing risk findings, you need to resolve the security issue that has identified your website as an unsafe site and submit a Security Issues report directly with Google through your Search Console account.
For proactive maintenance, ensure that your domain, web resources, and any downloadable software adheres to the Unwanted Software Policy and malware guidelines outlined in Google's developers portal. Maintaining compliance with these policies limits the possibility that your website could be used for nefarious purposes by bad actors.
Follow recommended practices for security, such as installing SSL/TLS certificates to ensure HTTPS connections, strengthening weak or insecure SSL, and requiring HTTPS Strict Transport Policy for all connections. Protect user information and sensitive data, and provide transparency to end users regarding your data collection and transmission practices.
How UpGuard Can Help
UpGuard BreachSight provides continuous monitoring for your external attack surface with automated, non-intrusive scanning. Current UpGuard users with the BreachSight feature can log in and access their Risk Profile to search for the Safe Browsing risk findings among their assets.
UpGuard also provides notifications to affirm that you have a safe site:
- Not a suspected phishing page
- Not a suspected malware provider
- Not suspected of unwanted software
These findings identify whether the expected outcome matches the actual response so you remain informed that these risks are not a concern for your site.These notifications appear in the BreachSight Risk Profile.
If you're not a current UpGuard user and you want to run an automated scan of your assets with BreachSight, sign up for a trial. BreachSight automation will help you stay updated with real-time insights to your external assets.
