Understanding the content sent towards Google Safe Browsing Service

[Amir Jam]

I am trying to find the details about the meta data that is going to be sent towards Google Safe Browsing Service by checking a potential malicious file.

As Chrome 91.0.x and Firefox ESR 78.x both use the service API v4 I assume that both would behave similar. Therefore I refer to both documentations and I would really appreciate it if you could help me here.

In Firefox documenation I found this link:

https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work

I quote:

"... In these cases, Firefox will submit some information about the file, including the name, origin, size and a cryptographic hash of the contents, to the Google Safe Browsing service which helps Firefox determine whether or not the file should be blocked...."

Can someone help me clarify what the origin will be? And is it possible to track back who is trying to download / run this file? Or is it only the "download location" as origin that will be uploaded?

In the common API documentation I found this which is not as specific as the Firefox documentation:

https://developers.google.com/safe-browsing/v4/metadata

If you are from google team, can you please provide with a real sample data (best would be in the documentation if possible)? For example if someone uses a test file from the test site:

http://testsafebrowsing.appspot.com/

what would appear on Google site?

Kind regards

Amir