The entity I'm primarily worried about tracking here is Google.
And, pretty much trivially, if the URL was added to the blacklist, they have the corresponding URL to the hash.
(Not to mention, even if they didn't, their core product is based around crawling webpages. I'd be highly surprised if they didn't have hashes of the URLs they visited.)
And, even beside that, URLs are relatively low-entropy. Especially with the path-splitting that safe-browsing does.
