Google Safe Browsing missed 84% of phishing sites we found in February

Chrome's safety net has holes; users roast Google and fight over sample size

TLDR: A report says Chrome’s Safe Browsing missed most phishing sites in February, while another tool’s deep scan caught them all but over-flagged safe pages. Commenters clash over sample size, warning fatigue, and whether Google under-invests—making clear you can’t rely on pop-ups alone to stay safe.

Google’s own “Safe Browsing” — the guard dog inside Chrome — allegedly slept through 84% of real phishing sites found in February, according to a new report from Huginn/Muninn. The twist: a lot of scams hid on “nice” platforms like Weebly, Vercel, Wix, IPFS, and even Google’s own Docs and Forms. That’s hard to block, because you can’t blacklist entire trusted platforms — you have to catch the bad page itself.

Cue the comment-section cage match. One reader blurted, “Huh? Did the deep scan just flag everything?” after seeing that Muninn’s deeper check caught every phishing site but also flagged all 9 legit sites when used for extra scrutiny. Another went full skeptic, calling the roughly 250‑URL dataset “weirdly small” and tossing shade that the write-up “looks LLM-written.” Meanwhile, the roast of the day: a snarky claim that Google has “one engineer” keeping Safe Browsing alive as a side project. Ouch.

There’s also real talk: users say warning pop-ups are now background noise, and without basic cyber hygiene education, people click anyway. The automatic scan did well (caught 238 of 254 phishing sites, with 6 false positives among the 9 legitimate URLs), but the deep scan plays max caution — a second opinion that prefers a false alarm over a stolen password. Drama, memes, and a wake-up call — all in one phishy package.

Key Points

  • In February, Huginn identified 254 confirmed phishing sites from public threat intelligence–sourced URLs.
  • At scan time, Google Safe Browsing flagged 41 of 254 phishing URLs (83.9% not flagged).
  • Muninn’s automatic scan detected 238/254 phishing sites with 6 false positives among 9 legitimate URLs.
  • Muninn’s deep scan had zero false negatives for phishing but flagged all 9 legitimate URLs as suspicious; authors say 15 automatic-scan misses were caught by deep scan.
  • 149 of 254 phishing sites were hosted on trusted platforms (e.g., Weebly, Vercel, Wix, IPFS; also Google Docs/Forms/Sites/Apps Script), challenging blocklist-based detection.

Hottest takes

"Huh? Does this mean it just flagged everything as suspicious?" — supermatt
"Which is maybe to be expected of an article that looks LLM-written." — lich_king
"There's probably like one engineer maintaining this as a side project at the company" — xvector