Not "DOM" but a hashes of the URL or a part of it, to check if the domain or URL is "safe." Also downloads are checked. And AFAIK it's more nuanced, there's also a database that can be checked and allow "offline" checks. But it would still be interesting to find one independent serious analysis of the behavior.
It's named client side detection and it sends the DOM model(actually hashes of it) to Google. I found about it on HN too. Obviously you may check FF/Chrome source too. I would love to be proven wrong. https://news.ycombinator.com/item?id=5971403
Both Chrome and Firefox use the same techniques as far as the client side detection is concerned if not even the same code. Both send the data to Google.
> One of the most persistent misunderstandings about Safe Browsing is the idea that the browser needs to send all visited URLs to Google in order to verify whether or not they are safe.
> While this was an option in version 1 of the Safe Browsing protocol (as disclosed in their privacy policy at the time), support for this "enhanced mode" was removed in Firefox 3 and the version 1 server was decommissioned in late 2011 in favor of version 2 of the Safe Browsing API which doesn't offer this type of real-time lookup.