Google is rolling back SameSite Cookie changes temporarily

[Karlston]

Google is rolling back SameSite Cookie changes temporarily

Google introduced the new SameSite cookie policy in Chrome 80 Stable which it released in February 2020 to the public. The policy implements changes to the handling of cookies that the company announced in May 2019 for the first time.

 

Basically, what SameSite does is limit cookie access to first-party access by default. Web developers get options to change the handling by explicitly marking cookies for access in third-party contexts. Third-party cookies will only be sent over HTTPS connections in that case to further improve privacy and security.

 

 

Google published an announcement on the Chromium website on Friday in which it revealed that it made the decision to roll back the SameSite cookie changes in Chrome. The company started to implement the changes in February with the release of Chrome 80. According to Google's announcement, the rollback is necessary because of "extraordinary global circumstances due to Covid-19". Google wants to make sure that websites that provide essential services function as designed and that is why SameSite is rolled back and put on hold for the time being.

However in light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling, starting today. While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time. As we roll back enforcement, organizations, users and sites should see no disruption.

Developers should monitor the Same Site updates page on the Chromium website as well as the Chromium blog for announcements on when SameSite is going to be introduced in Chrome again.

 

Google announced other Chrome-related changes recently. The company postponed releases, decided to focus on security improvements only, and plans to skip Chrome 82 entirely but release Chrome 83 early because of the Coronavirus pandemic.

 

Mozilla, maker of Firefox, had to rollback a change in Firefox as well because of the current global situation. The organization decided to re-enable TLS 1.0 and 1.1 in the Firefox web browser due to (some) government sites still requiring the aging protocols and Google postponing the change in the company's Chrome web browser. Microsoft postponed the disabling of TLS 1.0 and 1.1 in the company's browsers to the second half of 2020 as well.

 

 

Source: Google is rolling back SameSite Cookie changes temporarily (gHacks - Martin Brinkmann)