Google Suddenly Reverses Major Chrome COVID-19 Security Move
by Kate O'FlahertyGoogle will now proceed in rolling out controversial cookie changes that could cause some websites to break.
Two months ago, Google decided amid COVID-19 pressure that it would halt a controversial Chrome change that could cause some websites to break. But in a sudden reversal, Google will now proceed with the decision to phase out support for third party tracking cookies.
The move will start from July 14 in Chrome 84 and gradually roll out to users of Chrome 80 and higher, Justin Schuh, director of Chrome engineering, wrote in a blog.
On the surface of it, the SameSite cookie changes will increase security and privacy for users. But as I reported back in February, they could also cause some websites to break in Chrome.
It was with this in mind that Google paused the SameSite changes during the COVID-19 pandemic, as much of the world went into lockdown forcing people to do all their shopping online. At the same time, businesses were—and still are—working from home. Google knew that everyone needed Chrome to work, so it gave those affected a bit more time to sort out the problem.
At the time, Google’s Schuh predicted the SameSite changes would start back up again in the Summer. It’ll be here pretty quickly—July 14 is only six weeks away—so affected developers and organizations will need to start to prepare now.
“The SameSite cookies change will likely break things for some sites, especially those who rely on single sign on (SSO) features,” says security researcher Sean Wright.
He says organizations will need to prepare themselves by reviewing and testing if any systems will be impacted and making appropriate changes. “To test this change, organizations should enable the ‘SameSite by default cookies’ and the ‘Cookies without SameSite must be secure’ flag in Chrome (chrome://flags), and then test their apps,” Wright advises.
As COVID-19 lockdowns ease around the world, software companies appear to be getting up and running again. While Chrome and its competitor also based on the Chromium browser engine Microsoft Edge had initially paused releases in favour of increased security, things seem to be going back to normal.
Google released Chrome 83 with a bunch of new privacy features, while Microsoft Edge is quickly ramping up its own offering to become a very real threat to Google.