You can make a blocklist with hashes of the malicious URLs to solve this problem.
From what I understand, (non-enhanced) safe browsing uses this trick, but it is implemented in a way that allows Google access to data in certain cases: there are very short hashes that allow for false positives, and potential matches are sent to Google servers for confirmation.
Remote access is not a minor thing. It's a must-have.
Says who? It might be part of your workflow, but that's far from a must-have, let's be objective.
The mere fact that Windows is the market leader and doesn't have remote access is proof enough.
We gave you an atomic bomb, what do you want, mermaids? -- I. I. Rabi to the Atomic Energy Commission