Google rolls back Chrome’s cookie security measure due to COVID-19
Google is temporarily rolling back a recent privacy feature ‘SamSite Cookie’ it launched with Chrome 80, to ensure stability to websites amidst the coronavirus pandemic.
Justin Schuh, Director of Chrome Engineering said in the blog,
“In light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling, starting today.”
The SameSite policy was the change in how Chrome treated cookies. Before this policy, Chrome allowed more cookies including third-party by default. SameSite, however, has turned that default. With the release of Chrome 80 in February, Chrome began to enforce secure-by default handling of third-party cookies to improve privacy and limit tracking.
Google was planning to roll out this change slowly for all the users during the rest of the year and closely monitor the impact on the web. The SameSite cookies primary role would be to prevent third party domains from using browser cookie files to track users as they browsed on different sites across the internet. At a higher level, it meant a website owner should set a third-party cookie as being okay or else Chrome would block it.
Online advertisers and web analytics firms were most impacted by the changes that migrated to other tracking practices after the announcement of Google’s SameSite cookies. However, many government sites, banking, intranets, and others are using third-party cookies in other contexts.
The disabling of third-party cookies can cause some sites to break – even if SameSite cookies roughly shipped to 1% of the Chrome users. Therefore, temporary rollback will ensure that these small numbers of users are not much impacted. Many major sites were prepared for this change but Google said it wants
“to ensure stability for websites providing essential services including banking, online groceries, government services, and healthcare that facilitate our daily life during this time.”
Schuh further added that as they roll back enforcement, organizations, users or sites should see no disruption. As social distancing measures have been followed worldwide, reliance on online services has increased and any kind of disruptions can cause big issues especially if it is concerned with healthcare resources.
Google also said that they plan to resume the enforcement in the future and will give advance notice on their blog. This isn’t the only announcement that is affected by the outbreak. Google has also paused temporarily adding new features to Chrome and Chrome OS and focus on security and stability owing to adjustments in their work schedules.