The primary purpose of the new feature is to detect rogue tech support pages. Such malicious websites deceive users by convincing them that their computer is infected with a virus or has other problems. The warnings are displayed in full-screen or pop-up windows that are difficult to close.
The scammers provoke the victim to call the number provided and ask for help; their goal is to trick that person into paying for unnecessary services or software. In addition, scammers try to gain remote access to victim’s device, which can result in financial losses or data theft.
The new anti-scam protection system is integrated into the Enhanced Protection mode of Safe Browsing; it analyzes web pages in real time to detect signs of scam (e.g. fake virus warnings and full-screen windows) typical for technical support scams.
The analysis is performed autonomously and locally on the user’s device using Gemini Nano. If potential scam is detected, the data are sent to Google Safe Browsing for a final verdict. If Safe Browsing confirms scam, Chrome displays an interstitial warning page to notify the user of the risk.
Google developers claim that the new feature doesn’t affect performance and user privacy (although no technical details are provided in the announcement).
“This is all done in a way that preserves performance and privacy. In addition to ensuring that the LLM is only triggered sparingly and run locally on the device, we carefully manage resource consumption by considering the number of tokens used, running the process asynchronously to avoid interrupting browser activity, and implementing throttling and quota enforcement mechanisms to limit GPU usage,” – Google.
The new AI-based protection feature has already been implemented in Chrome 137 released this week; by default, it will be enabled for all users who update to the latest version and enable Enhanced Protection in Settings.
In the future, Google intends to expand this system so that it can detect other types of scam (e.g. package tracking scams and unpaid toll scams). In 2025, the company is going to introduce similar functionality to the Chrome browser for Android.
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider
Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.03.16 — Researchers force DeepSeek to write malware
According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware). DeepSeek was released in January 2025 and caused a stir…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.01.26 — Cisco patched a critical vulnerability in Meeting Management
Cisco released updates to fix a critical (CVSS score: 9.9) vulnerability in Meeting Management. The bug enables an unprivileged remote authenticated attacker to gain administrative privileges. The vulnerability…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →
2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →