I'm quite late with this, but this is incorrect. At no time is the URL sent to Google; in fact, at no time is even the hash of the full URL sent to Google. I'd suggest you re-read the safebrowsing protocol.
As ploxiln notes, if a hit is found with a matching prefix to the (canonicalized) URL, a request is made for all hashes of URLs beginning with that hashed prefix. The hash of the current URL can then be checked against that list locally.
I was oversimplifying, sorry. You are correct that the URL isn't ever explicitly sent.
However.
Generally there are only one or two URLs that start with the hash prefix that is explicitly sent to Google. Which means in practice it may as well be leaking the actual URL to Google.
Especially as there are multiple hashes per URL (5 worst-case?).
As ploxiln notes, if a hit is found with a matching prefix to the (canonicalized) URL, a request is made for all hashes of URLs beginning with that hashed prefix. The hash of the current URL can then be checked against that list locally.