The primary purpose of the new feature is to detect rogue tech support pages. Such malicious websites deceive users by convincing them that their computer is infected with a virus or has other problems. The warnings are displayed in full-screen or pop-up windows that are difficult to close.
The scammers provoke the victim to call the number provided and ask for help; their goal is to trick that person into paying for unnecessary services or software. In addition, scammers try to gain remote access to victim’s device, which can result in financial losses or data theft.
The new anti-scam protection system is integrated into the Enhanced Protection mode of Safe Browsing; it analyzes web pages in real time to detect signs of scam (e.g. fake virus warnings and full-screen windows) typical for technical support scams.
The analysis is performed autonomously and locally on the user’s device using Gemini Nano. If potential scam is detected, the data are sent to Google Safe Browsing for a final verdict. If Safe Browsing confirms scam, Chrome displays an interstitial warning page to notify the user of the risk.
Google developers claim that the new feature doesn’t affect performance and user privacy (although no technical details are provided in the announcement).
“This is all done in a way that preserves performance and privacy. In addition to ensuring that the LLM is only triggered sparingly and run locally on the device, we carefully manage resource consumption by considering the number of tokens used, running the process asynchronously to avoid interrupting browser activity, and implementing throttling and quota enforcement mechanisms to limit GPU usage,” – Google.
The new AI-based protection feature has already been implemented in Chrome 137 released this week; by default, it will be enabled for all users who update to the latest version and enable Enhanced Protection in Settings.
In the future, Google intends to expand this system so that it can detect other types of scam (e.g. package tracking scams and unpaid toll scams). In 2025, the company is going to introduce similar functionality to the Chrome browser for Android.
2025.04.08 — Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…
Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies
GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…
Full article →