Browser update to be rolled out following coronavirus-related hold up
Google is poised to launch Chrome 84 next week after the worldwide coronavirus pandemic pushed back the release date.
The latest update to the popular web browser aims to protect users from being tracked by websites by blocking certain third-party cookies through the enforcement of SameSite cookie labeling.
While the move was designed to improve the privacy of users, Google warned that it could also break a “modest” number of websites.
Google made the decision to delay the rollout over fears the SameSite changes could break websites delivering critical services such as “banking, online groceries, government services and healthcare” during the Covid-19 outbreak.
BACKGROUND Google rolls back Chrome SameSite cookie changes due to coronavirus concerns
The search engine giant originally announced plans for Chrome 84 back in May, with a launch date set for April. A stable release will now be rolled out on Tuesday, July 14.
Justin Schuh, director of Chrome engineering, wrote in a blog post: “We are planning to resume our SameSite cookie enforcement coinciding with the stable release of Chrome 84 on July 14, with enforcement enabled for Chrome 80+.
“As with the previous rollout, the enforcement will be gradual and we will keep you informed on timing and any possible changes on the SameSite updates page on Chromium.org.”
Chrome 84 has garnered particular attention due to changes in the the way the browser handles cookies – the packets of data that can track website visitors’ activity.
If a cookie label matches the website address, this is deemed a SameSite, or first-party, cookie. However, if they are from a third-party website, they are deemed ‘cross-party’.
Google argues that cross-party cookies increase the risk of cross-site-request-forgery and other attacks, and so Chrome 84 introduces a new cookie classification scheme.
Read more of the latest browser security news
SameSite cookies can be set to SameSite=Lax or SameSite=Strict. When the browser is set to SameSite=Strict, the browser will not send the cookie with any cross-domain requests.
The SameSite=Lax value, however, will send the cookie with a limited number of cross-domain requests.
Chrome 84 will treat any cookie without a designated SameSite=Strict value as SameSite=Lax, blocking it.
TLS 1.0/1.1 end of life
Other new features for Chrome 84 include a web one-time password API, blocking insecure downloads from secure (HTTPS) contexts, and the removal of TLS 1.0 and 1.1
Taking a deeper look under the hood, Twitter user Hidde pointed out that Chrome 84 will support the Grid Layout feature ‘gap’, with ‘display: flex’, as previously seen in Firefox.
Hidde (@hdv) wrote on Twitter: “Nice, Chrome 84 (beta) joins Firefox in supporting everyone’s favourite Grid Layout feature (‘gap’), with ‘display: flex’.”
Stephen Coogan (@coog_ie) added: “Finally! I can rip out the grid rules I so uncomfortably put in to get around this.”
While Bram Smulders (@bramsmulders) tweeted: “Woooot! Waiting for this!”
READ MORE Apple Safari 14 introduces ‘passwordless’ logins for websites