Chrome 80, the update may compromise some functions on outdated sites

Google has officially declared that the new version of Chrome, just released, introduces changes in the management of SameSite cookies that could compromise some features of the websites that use them. The change implies that only cookies set with the ” SameSite = None; Secure ” attribute will be accessible from third-party contexts, and only if access will be via secure connections.

The goal was described by Google last month, i.e., phasing out support for third-party cookies on Chrome. All in favor of greater privacy and greater control over their data, topics requested by an increasing number of users. In response, Google said that the goal is to develop a new system that works for the entire online ecosystem, including for publishers.

The plan to force third-party cookies only over HTTPS was originally revealed in May 2019 to give IT administrators proper notice so that they could update their websites in time for Chrome 80. The company has then released a reminder last October, and in recent days has released a video explaining the news, and how web developers have to deal with it in order not to compromise the functionality of the sites.

The most obvious problems could be revealed in the log-in functions: to mitigate this type of problem, Chrome has introduced a new feature that allows cookies without a specified SameSite attribute to be available for the type of POST request generally used for access flows. The ” Lax + POST ” mitigation, as the modification was called, only gives the cookie two minutes to perform the intended function.

Google also warned that business administrators may need to implement special policies to bring Chrome back to legacy behavior if internal applications have not yet been updated to meet Chrome’s new rules. The end-user does not have to do anything. Indeed the change should strengthen security in browsing sessions.