Google Chrome 84 released next week with revived SameSite cookie changes

Browser update to be rolled out following coronavirus-related hold up

Google is poised to launch Chrome 84 next week after the worldwide coronavirus pandemic pushed back the release date.

The latest update to the popular web browser aims to protect users from being tracked by websites by blocking certain third-party cookies through the enforcement of SameSite cookie labeling.

While the move was designed to improve the privacy of users, Google warned that it could also break a “modest” number of websites.

Google made the decision to delay the rollout over fears the SameSite changes could break websites delivering critical services such as “banking, online groceries, government services and healthcare” during the Covid-19 outbreak.


The search engine giant originally announced plans for Chrome 84 back in May, with a launch date set for April. A stable release will now be rolled out on Tuesday, July 14.

Justin Schuh, director of Chrome engineering, wrote in a blog post: “We are planning to resume our SameSite cookie enforcement coinciding with the stable release of Chrome 84 on July 14, with enforcement enabled for Chrome 80+.

“As with the previous rollout, the enforcement will be gradual and we will keep you informed on timing and any possible changes on the SameSite updates page on Chromium.org.”

Cookie cutter

Chrome 84 has garnered particular attention due to changes in the way the browser handles cookies – the packets of data that can track website visitors’ activity.

If a cookie label matches the website address, it is deemed a SameSite, or first-party, cookie. However, if the cookie is from a third-party website, it is deemed ‘cross-party’.

Google argues that cross-party cookies increase the risk of cross-site request forgery and other attacks, and so Chrome 84 introduces a new cookie classification scheme.


SameSite cookies can be set to Strict or Lax. When the attribute is set to Strict, the browser will not send the cookie with any cross-domain requests.

The Lax value, however, will send the cookie with a limited number of cross-domain requests.

Chrome 84 will treat any cookie without a designated SameSite value as Lax, blocking it.
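
The default treatment described above can be checked against a site's own Set-Cookie headers. The following Python sketch is an added example, not code from Google or the original article: the sample headers are constructed, same-site detection is reduced to a caller-supplied `cross_site` flag, and the rule that `SameSite=None` requires `Secure` goes beyond what the article states.

```python
from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

@dataclass
class Cookie:
    name: str
    samesite: str    # effective value: "Strict", "Lax" or "None"
    secure: bool
    defaulted: bool  # True when no valid SameSite attribute was present

def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie value; a missing SameSite is treated as Lax."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    raw = attrs.get("samesite", "").capitalize()
    defaulted = raw not in ("Strict", "Lax", "None")
    return Cookie(first.split("=", 1)[0], "Lax" if defaulted else raw,
                  "secure" in attrs, defaulted)

def would_send(cookie: Cookie, cross_site: bool,
               top_level_nav: bool = False, method: str = "GET") -> bool:
    """Decide whether the browser attaches the cookie to a request."""
    if cookie.samesite == "None" and not cookie.secure:
        return False          # rejected when set: None requires Secure
    if not cross_site or cookie.samesite == "None":
        return True
    if cookie.samesite == "Strict":
        return False
    # Lax: only top-level navigations using a safe method
    return top_level_nav and method.upper() in SAFE_METHODS

# Constructed sample headers (not taken from any real site)
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly",
    "csrf=tok; SameSite=Strict; Secure",
    "embed=e1; SameSite=None; Secure",
    "legacy=l1; SameSite=None",
]

def audit(headers):
    """Names of cookies relying on the default that are withheld cross-site."""
    cookies = [parse_set_cookie(h) for h in headers]
    return [c.name for c in cookies if c.defaulted and not would_send(c, True)]

if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS))
```
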

TLS 1.0/1.1 end of life

Other new features for Chrome 84 include a web one-time password API, blocking insecure downloads from secure (HTTPS) contexts, and the removal of TLS 1.0 and 1.1.

Taking a deeper look under the hood, Twitter user Hidde pointed out that Chrome 84 will support the Grid Layout feature ‘gap’, with ‘display: flex’, as previously seen in Firefox.

Hidde (@hdv) wrote on Twitter: “Nice, Chrome 84 (beta) joins Firefox in supporting everyone’s favourite Grid Layout feature (‘gap’), with ‘display: flex’.”

Stephen Coogan (@coog_ie) added: “Finally! I can rip out the grid rules I so uncomfortably put in to get around this.”

While Bram Smulders (@bramsmulders) tweeted: “Woooot! Waiting for this!”
