The primary purpose of the new feature is to detect rogue tech support pages. Such malicious websites deceive users by convincing them that their computer is infected with a virus or has other problems. The warnings are displayed in full-screen or pop-up windows that are difficult to close.
The scammers provoke the victim to call the number provided and ask for help; their goal is to trick that person into paying for unnecessary services or software. In addition, scammers try to gain remote access to victim’s device, which can result in financial losses or data theft.
The new anti-scam protection system is integrated into the Enhanced Protection mode of Safe Browsing; it analyzes web pages in real time to detect signs of scam (e.g. fake virus warnings and full-screen windows) typical for technical support scams.
The analysis is performed autonomously and locally on the user’s device using Gemini Nano. If potential scam is detected, the data are sent to Google Safe Browsing for a final verdict. If Safe Browsing confirms scam, Chrome displays an interstitial warning page to notify the user of the risk.
Google developers claim that the new feature doesn’t affect performance and user privacy (although no technical details are provided in the announcement).
“This is all done in a way that preserves performance and privacy. In addition to ensuring that the LLM is only triggered sparingly and run locally on the device, we carefully manage resource consumption by considering the number of tokens used, running the process asynchronously to avoid interrupting browser activity, and implementing throttling and quota enforcement mechanisms to limit GPU usage,” – Google.
The new AI-based protection feature has already been implemented in Chrome 137 released this week; by default, it will be enabled for all users who update to the latest version and enable Enhanced Protection in Settings.
In the future, Google intends to expand this system so that it can detect other types of scam (e.g. package tracking scams and unpaid toll scams). In 2025, the company is going to introduce similar functionality to the Chrome browser for Android.
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider
Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →