Security/Safe Browsing/Chromium Implementation Overview

Notes on the Safe Browsing implementation in Chromium.

Documentation

• Design doc that explains how Safe Browsing works in Chromium.
• Protocol version 3 (the one that Chrome implements)

Application Reputation

• Protobuf definition
• Utility functions
  • Extracting signatures (also see cli tool)
  • Extracting features of binary files (also windows executables)
  • Mac DMGs and the sandboxed analyzer (also see dependencies)
  • ZIP analyzer (and the sandboxed analyzer)
• File uploads to a download feedback service
• Download protection service

Malware and phishing

• File store (inherits from SB Store)
• Interstitial pages (will allow users to opt into reporting malware details)
• Local DB manager (inherits from DB manager)
  • Remote DB manager (in trial on Android)
• Prefix set
• Protocol interactions with service (including parsing server responses)
• Range parsing
• SB stats reporting (optional, includes threat details reporting)
• URL classification helpers
• Utilities for handling chunks and hashes

Protocol Version 4

• Protobuf definition
• Safe Browsing DB component

Testing

• See chrome://safe-browsing/ for Chrome's equivalent of about:url-classifier
• Test server (also see this v2 test server)
• Test data (including executables and archives as well as mac binaries and a signed DLL)

Client-side malware/phishing detection (CSD)

• Protobuf definitions
• Browser feature extractor and matching renderer code
• Client model
• "Site reputation" service

Software Removal Tool (SRT)

• Code (Windows only)