Safe Browsing

Contents

  1. Browsing Protection
     1.1 Resource Handlers
     1.2 Safe Browsing Interstitial Page
  2. Download Protection
     2.1 URL Checking
     2.2 Hash Checking
  3. Client Side Phishing Detection
  4. Resource Request Flow
  5. Metrics
  6. Safebrowsing Database

Browsing Protection

When Safe Browsing is enabled, all URLs will be checked before the content is allowed to begin loading.  URLs are checked against two lists: malware and phishing.  Depending on which list is matched we show a different warning message on the interstitial page.
Checking the Safe Browsing database is a multistep process.  The URL is hashed and a synchronous check against the in-memory prefix list is done.  If no match is found, the URL is considered safe immediately.  If the prefix matches, an asynchronous request is made to the Safe Browsing servers for a list of all full hashes matching that prefix.  Once the list is returned, the full hash is compared against the list and the URL request can be continued or cancelled.  For more information, you may check the full description of the Safe Browsing Protocol.
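
The lookup sequence described above, as an added Python example (not Chromium code). It assumes SHA-256 hashes with 4-byte prefixes as in the public Safe Browsing protocol, hashes one already-canonical expression per URL, and replaces the network request with a hypothetical in-process `FakeServer` holding constructed data.

```python
import hashlib

PREFIX_LEN = 4  # assumption: 4-byte SHA-256 prefixes, as in the public protocol


def full_hash(expr: str) -> bytes:
    """Hash one already-canonicalized host/path expression (canonicalization omitted)."""
    return hashlib.sha256(expr.encode("utf-8")).digest()


class FakeServer:
    """Stand-in for the Safe Browsing servers; holds the full hashes (constructed data)."""

    def __init__(self, full_hashes):
        self.by_prefix = {}
        for h in full_hashes:
            self.by_prefix.setdefault(h[:PREFIX_LEN], []).append(h)
        self.requests = 0

    def get_full_hashes(self, prefix: bytes):
        self.requests += 1
        return self.by_prefix.get(prefix, [])


class Client:
    def __init__(self, server):
        self.server = server
        # Local in-memory list: prefixes only, never the full hashes.
        self.prefixes = set(server.by_prefix)

    def check(self, expr: str) -> str:
        h = full_hash(expr)
        if h[:PREFIX_LEN] not in self.prefixes:
            return "safe"  # step 1: synchronous miss, no network traffic
        # Step 2: prefix hit. The browser defers the request and asks the server.
        candidates = self.server.get_full_hashes(h[:PREFIX_LEN])
        return "unsafe" if h in candidates else "safe"  # step 3: full-hash compare


def demo():
    listed = full_hash("malware.example/dropper.exe")
    # Constructed collision: same 4-byte prefix as a benign page, different tail.
    collider = full_hash("benign.example/")[:PREFIX_LEN] + bytes(28)
    server = FakeServer([listed, collider])
    client = Client(server)
    urls = ("news.example/", "benign.example/", "malware.example/dropper.exe")
    return [client.check(u) for u in urls], server.requests
```

The benign page that shares a prefix with a listed entry costs one server round trip but is still allowed, which is why a prefix hit alone is never treated as a verdict.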

Resource Handlers

Whenever a resource is requested, the ResourceDispatcherHost will create a chain of ResourceHandlers. For each event in the loading of the resource, each handler can choose to cancel the request, defer the request (to do some asynchronous work before deciding what to do), or continue (letting the next handler in the chain have a chance to decide). The SafeBrowsingResourceHandler is created at the head of the chain so that it has first say over whether to allow loading a resource. If safebrowsing is disabled, the SafeBrowsingResourceHandler is simply not added to the chain, and thus no browsing-related safebrowsing actions occur.

Safe Browsing Interstitial Page

When a resource is marked as unsafe the resource request is paused and an interstitial page (SafeBrowsingBlockingPage) is displayed. The user can choose to continue anyway, which will resume the resource request, or to go back, which will cancel the resource request and return to the previous page.

Malware Details Collection

If the interstitial is for a hit in the malware list, the page is http (not https), and the tab is not in an incognito window, there is an opt-in option to send extra details about the unsafe resources for further analysis.

When the interstitial appears an IPC is sent to the renderer process to collect details from the DOM. The data consists of a tree of the URLs for the various frames, iframes, scripts and embeds.

If the checkbox is checked when the user dismisses the interstitial page, various extra details will be collected asynchronously on the browser side. First the History service is queried to get the list of redirects involved in all the URLs, then the Cache is queried to get the headers for each of the requests for those URLs, and finally the report will be sent.

Download Protection

URL Checking

The download checks operate in a similar manner to the browsing ones, though with some changes due to the different nature of downloads.  It is not known that a resource request will be a download until the headers are received, therefore all downloads also go through the browsing checks.  For the same reason, we cannot check the redirect URLs as we go along, as is done in the browsing tests.  Instead the chain of redirects is saved in the URLRequest object and once we begin the download checks all the URLs in the chain will be checked simultaneously.  Since downloads are less latency sensitive than page loads, we also dispense with the in-memory database and the caching of full hash results.  Finally, the check is done in parallel to the download rather than pausing the download request until the checks are done; however, the file will be given a temporary name until the checks complete.

If a download is flagged as malicious, the item in the download bar will be replaced with a warning and buttons to keep or discard the file.  If discard is chosen, the request will be cancelled and the file deleted.  If the file is kept, it will be renamed to its actual name (with .crdownload if the download is still in progress).

Hash Checking

As the file downloads, we also compute a hash of the file data.  Once the file has completed downloading this hash is checked against the download digest list.  Currently we are evaluating the usefulness of the hash check so no UI is displayed.
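
The download path from the URL Checking and Hash Checking sections, as an added Python example (not Chromium code). The URL list, digest list, file chunks, the `.unconfirmed` temporary suffix and the choice of SHA-256 are assumptions made for the illustration, and `url_is_listed` is a hypothetical stand-in for the server lookup.

```python
import hashlib
import os
import tempfile
from concurrent.futures import ThreadPoolExecutor

LISTED_URLS = {"http://cdn.bad.example/payload.exe"}        # constructed
SAMPLE = [b"MZ", b"\x90" * 16]                              # constructed file chunks
DIGEST_LIST = {hashlib.sha256(b"".join(SAMPLE)).digest()}   # constructed


def url_is_listed(url):
    """Hypothetical stand-in for the server-side URL lookup."""
    return url in LISTED_URLS


def download(chunks, redirect_chain, final_path, user_keeps=False):
    tmp_path = final_path + ".unconfirmed"      # hypothetical temporary name
    digest = hashlib.sha256()                   # assumption: SHA-256 file digest
    with ThreadPoolExecutor() as pool:
        # The saved redirect chain is checked all at once, in parallel with the
        # transfer; the download itself is never paused for the verdict.
        verdicts = pool.map(url_is_listed, redirect_chain)
        with open(tmp_path, "wb") as f:
            for chunk in chunks:
                f.write(chunk)
                digest.update(chunk)            # hash is computed as data arrives
        flagged = any(verdicts)
    digest_hit = digest.digest() in DIGEST_LIST  # recorded only, drives no UI
    if flagged and not user_keeps:
        os.remove(tmp_path)                     # "discard": the file is deleted
        return "discarded", digest_hit
    os.replace(tmp_path, final_path)            # clean, or the user chose "keep"
    return ("kept" if flagged else "clean"), digest_hit


def demo():
    with tempfile.TemporaryDirectory() as d:
        ok = download(SAMPLE, ["http://a.example/r", "http://b.example/x.exe"],
                      os.path.join(d, "x.exe"))
        bad = download(SAMPLE, ["http://ad.example/r", "http://cdn.bad.example/payload.exe"],
                       os.path.join(d, "payload.exe"))
        kept = download(SAMPLE, ["http://cdn.bad.example/payload.exe"],
                        os.path.join(d, "kept.exe"), user_keeps=True)
        return ok, bad, kept, sorted(os.listdir(d))
```

A listed URL anywhere in the redirect chain flags the download, while the digest match is only recorded, matching the statement that the hash check currently shows no UI.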

Client Side Phishing Detection

Client Side Phishing Detection runs a detection model on pages the user visits to try to detect phishing pages that are not in the safe browsing lists.  On startup, and periodically afterwards, the ClientSideDetectionService will fetch an updated model.  The model is sent in an IPC to every Render Process, then assigned to PhishingClassifierDelegate associated with each RenderView.   This allows the classification to be done in the render process, which has access to the page text.


Resource Request Flow

This is an overview of the code flow of handling a request.  Some details are omitted to keep the size reasonable.  The green line indicates the common case where loading a non-malware page only requires a synchronous check to the in-memory safebrowsing database.  The dashed lines indicate asynchronous calls.  The dotted magenta lines indicate a request to Google's safebrowsing server.
Note: slightly out of date, especially the download related bits.  Chromium's download code is currently in the midst of a rewrite.


Metrics

Safebrowsing histograms use the "SB2." prefix.  Histograms for older versions used "SB.".  There are also a few safebrowsing UserMetrics, filter on "SB".

Safebrowsing Database

The SafeBrowsingService is responsible for updating the various databases used by SafeBrowsing.
TODO(mattm): provide more details about database format and update process.
