Configuring Google Safe Browsing Whitelist in Chrome


Google Safe Browsing may occasionally flag domains used in phishing security tests (PSTs), categorizing them as unsafe or deceptive. Dynarisk actively works to remove flagged domains from these lists. However, once a domain is blacklisted, users clicking on associated links may see warning messages, preventing them from accessing the phishing links or landing pages during security tests.


By adding these domains to a Safe Browsing whitelist, you can prevent warning messages from appearing and ensure that test results are accurately recorded. The Safe Browsing whitelist can be implemented on various platforms running Google Chrome, including Windows, macOS, and Chrome-based operating systems.


System Requirements for Whitelisting

According to Google Enterprise documentation, Safe Browsing whitelisting is supported under the following conditions:

For Windows:

  • Devices linked to a Microsoft Active Directory domain.
  • Systems operating on Windows 10 Pro.
  • Devices registered under Chrome Browser Cloud Management.

For macOS:

  • Devices managed through MDM.
  • Systems integrated into a domain using MCX.


Whitelisting Process for Windows

To enable Safe Browsing whitelisting on Windows, you need to configure a Group Policy Object (GPO) for Chrome:

  1. Obtain Chrome ADMX templates by following Google’s official documentation on Chrome policy settings for Windows.
  2. Install the templates on the domain controller to make them available for GPO assignments.
  3. In the GPO Editor, navigate to:
    • Computer Configuration → Administrative Templates → Google → Google Chrome → Safe Browsing Settings → Configure the list of domains on which Safe Browsing will not trigger warnings.
  4. Enable the setting and open the configuration list.
  5. Add the phishing link and landing domains using the format example.com.
  6. Click OK, then Apply, and confirm with OK.
  7. Restart Chrome and visit chrome://policy to ensure the policy is correctly implemented.


Whitelisting Process for macOS

To enforce whitelisting on macOS, modifications to the Google Chrome .plist configuration files are required:

  1. Create or open a .plist file in a text editor.
  2. Insert the phishing link and landing domains under the <key>SafeBrowsingAllowlistDomains</key> section using <string> entries within an <array>.
  3. Save the file and convert it into a system policy using a tool like mcxToProfile.
  4. Deploy the policy to devices through MDM.
  5. Restart Chrome and check chrome://policy to confirm the policy is applied.


Whitelisting for Chrome Profiles

For machines managed through Chrome or Chrome-based operating systems, policies can be applied via the Google Admin Console:

  1. Access the Google Admin Portal.
  2. Go to Devices → Chrome → Settings → Users & Browsers → Safe browsing allowed domains.
  3. Input the phishing link and landing domains, ensuring one domain per line.
  4. Click Save.
  5. Verify the changes by visiting chrome://policy.

If you require additional guidance, please contact the Dynarisk support team for further assistance.