The primary purpose of the new feature is to detect rogue tech support pages. Such malicious websites deceive users by convincing them that their computer is infected with a virus or has other problems. The warnings are displayed in full-screen or pop-up windows that are difficult to close.
The scammers provoke the victim to call the number provided and ask for help; their goal is to trick that person into paying for unnecessary services or software. In addition, scammers try to gain remote access to victim’s device, which can result in financial losses or data theft.
The new anti-scam protection system is integrated into the Enhanced Protection mode of Safe Browsing; it analyzes web pages in real time to detect signs of scam (e.g. fake virus warnings and full-screen windows) typical for technical support scams.
The analysis is performed autonomously and locally on the user’s device using Gemini Nano. If potential scam is detected, the data are sent to Google Safe Browsing for a final verdict. If Safe Browsing confirms scam, Chrome displays an interstitial warning page to notify the user of the risk.
Google developers claim that the new feature doesn’t affect performance and user privacy (although no technical details are provided in the announcement).
“This is all done in a way that preserves performance and privacy. In addition to ensuring that the LLM is only triggered sparingly and run locally on the device, we carefully manage resource consumption by considering the number of tokens used, running the process asynchronously to avoid interrupting browser activity, and implementing throttling and quota enforcement mechanisms to limit GPU usage,” – Google.
The new AI-based protection feature has already been implemented in Chrome 137 released this week; by default, it will be enabled for all users who update to the latest version and enable Enhanced Protection in Settings.
In the future, Google intends to expand this system so that it can detect other types of scam (e.g. package tracking scams and unpaid toll scams). In 2025, the company is going to introduce similar functionality to the Chrome browser for Android.
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies
GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…
Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters
According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.03.16 — Researchers force DeepSeek to write malware
According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware). DeepSeek was released in January 2025 and caused a stir…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →