Not "DOM" but a hashes of the URL or a part of it, to check if the domain or URL is "safe." Also downloads are checked. And AFAIK it's more nuanced, there's also a database that can be checked and allow "offline" checks. But it would still be interesting to find one independent serious analysis of the behavior.
It's named client side detection and it sends the DOM model(actually hashes of it) to Google. I found about it on HN too. Obviously you may check FF/Chrome source too. I would love to be proven wrong. https://news.ycombinator.com/item?id=5971403