Image: © chathuporn/Stock.adobe.com
New machine learning developments for Chrome aim to predict what the user wants in real time.
Google has announced a number of machine learning improvements for its Chrome web browser to enhance safety and add personalised features.
Chrome already uses machine learning to make images more accessible for people with vision issues, or to generate real-time captions on videos.
In March, the browser received a new built-in phishing detector that uses machine learning (ML). Google said this new model identifies 2.5 times more potentially malicious sites and phishing attacks than the previous model.
The tech giant now plans to use AI to improve how the web browser handles permission requests for notifications.
“On the one hand, page notifications help deliver updates from sites you care about; on the other hand, notification permission prompts can become a nuisance,” said Google software engineer Tarun Bansal.
The next update will have a machine learning model that runs within Chrome, which will identify permission notifications and silence the ones that are unlikely to be granted based on the user’s previous interactions.
One planned AI improvement will adjust the Chrome toolbar in real time based on which action is the most useful in that moment, such as sharing a link or using the voice search function. Google said this adjustable toolbar can be manually customised.
“Our goal is to build a browser that’s genuinely and continuously helpful, and we’re excited about the possibilities that ML provides,” Bansal said.
Google has also launched an update to its language identification model, which detects the language of a visited website and predicts if it needs to be translated for the user. Bansal said that Google is seeing “tens of millions more successful translations every day” thanks to this update.
Machine learning cyberattacks
While machine learning offers benefits for web browsing, it can also be used as a tool by hackers to launch cyberattacks that are difficult to prevent. These machine-learning-assisted attacks are particularly robust and poorly understood due to the complex algorithms involved.
One such documented attack, described by MIT researchers as a “state-of-the-art” website-fingerprinting attack, was replicated in detail to enable deeper study.
“One of the really scary things about this attack is that we wrote it in JavaScript, so you don’t have to download or install any code,” said computer scientist Jack Cook, lead author of the study. “All you have to do is open a website.
The attack studied was shown to be extremely efficient at determining a user’s browsing behaviour. In the case of a computer running Chrome on MacOS, it was able to identify websites visited by the user with 94pc accuracy. In all browsers and operating systems tested, the researchers saw more than 91pc accuracy.
“Someone could embed this into a website and then theoretically be able to snoop on other activity on your computer,” said Cook.
The MIT team’s almost-identical version of this machine-learning-assisted side-channel attack helped them to better understand how it works and how to prevent it. They were surprised to find that deepening their knowledge of these complex attacks revealed some fairly simple fixes.
In order to counter the cyberattack, the team created a browser extension that pinged random websites, adding noise to the data and making it more difficult for an attacker to decode signals. This saw the attack’s accuracy drop to 62pc, but it also impacted the computer’s performance.
As a second countermeasure, they modified the computer’s timer to return values that slightly differed from the actual time. This, they explained, made it much harder to monitor user activity and cut the attack’s accuracy down to just 1pc.
“I was surprised by how such a small mitigation like adding randomness to the timer could be so effective,” said Cook. “This mitigation strategy could really be put in use today. It doesn’t affect how you use most websites.”
The researchers plan to use their findings to develop an analysis framework for machine-learning-assisted side-channel attacks.
“As researchers, we should really try to delve deeper and do more analysis work, rather than just blindly using black-box machine-learning tactics to demonstrate one attack after another,” said senior author Mengjia Yan, a member of the Computer Science and Artificial Intelligence Laboratory (CSAIL) at MIT.
“The lesson we learned is that these machine-learning-assisted attacks can be extremely misleading.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
