Google promises next week's cookie-crumbling Chrome 80 will only cause 'a very modest amount of breakage'

Next week Google is scheduled to release Chrome 80 to its stable channel, and says only "a very modest amount of breakage" of websites is expected. The reason web publishers might see "breakage" – which can mean anything from the loss of certain user-facing features to backend analytics errors – is that Chrome 80 handles HTTP …

  1. asdf

    how cute

    Oh look, Google is finally getting around to doing an inferior job to what Privacy Badger has been doing for me for years now.

    1. Rich 11

      Re: how cute

      Inferior by design.

      Now there's a motto to live by.

    2. Khelban

      Re: how cute

      Privacy Possum does it too

  2. Jamie Jones Silver badge

    What am I missing here?

    So, they've added the requirement for a certain header. All Joe-Nasty needs to do is set that header in their html, and "normal" service will be resumed?

    Apart from making people jump through google-hoops, what does this achieve?

    1. W.S.Gosset

      Re: What am I missing here?

      Yeah, it's a bit like that USA Immigration question: "Are you a Nazi? [YN]"

      1. J 3

        Re: What am I missing here?

        Although now answering "yes" to the Nazi question might bring you to the attention of high officials in the administration since there are always positions open there...

      2. Rich 11

        Re: What am I missing here?

        "Are you now, or have you ever been, a member of the Communist Party?"

        "No, but if they throw good quiz nights I'm open to the idea of joining."

    2. MatthewSt

      Re: What am I missing here?

      In summary, it stops Joe-Nasty from using cookies that identify you to Google. The problem isn't with cookies from a site, it's about how other sites can redirect you in a way that those cookies will be sent too.

      1. Jamie Jones Silver badge

        Re: What am I missing here?

        Ahhh, so if I'm Joe-Nicey, and I run a website with adverts I hope are legitimate, I can ensure third party ad-companies I use don't play fast-and-loose with the GDPR...

        Thanks, I didn't think of that!

        1. MatthewSt

          Re: What am I missing here?

          No... It means if you run a website where your users have accounts and data (like Google does) then nasty websites can't trick them into performing requests that pretend to be them

    3. Anonymous Coward

      Re: What am I missing here?

      Joe Nasty also has to ensure it takes care of buggy clients, else they'll get the wrong result from them.

    4. Outer mongolian custard monster from outer space (honest)

      Re: What am I missing here?

      samesite=none;secure just means the cookie has to have been transmitted over a secure channel (https) from the 3rd party server, therefore protecting it from snooping in transit.

      I'm struggling also to see what huge leap making the bad cookie originate from a https server offers up to defeating various attacks in this case.

      Also a value of none breaks older browsers that won't render the page as a result. Previously it had to be missing, lax or secure to be valid.
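As an added illustration of the rules discussed in the replies above (not part of any comment or of the article), here is a simplified JavaScript model of how Chrome 80 decides whether a cookie accompanies a request. The function names and request fields are hypothetical, the sample cookies and requests are constructed, and the temporary exception Chrome made for top-level cross-site POSTs carrying very recently set cookies is left out.

```javascript
// Added illustration: a simplified model, not browser source code.
// All function and field names here are hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Pull the two attributes that matter here out of a Set-Cookie value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Storage step: which mode applies, or is the cookie refused outright?
function effectiveSameSite(cookie) {
  if (cookie.sameSite === "none") return cookie.secure ? "none" : "rejected";
  if (cookie.sameSite === "strict" || cookie.sameSite === "lax") return cookie.sameSite;
  return "lax"; // no (or unrecognised) SameSite attribute: the new default is Lax
}

// Request step: does the cookie accompany this request?
function isSent(setCookieHeader, req) {
  const cookie = parseSetCookie(setCookieHeader);
  const mode = effectiveSameSite(cookie);
  if (mode === "rejected") return false;
  if (cookie.secure && !req.https) return false; // Secure cookies need HTTPS
  if (!req.crossSite || mode === "none") return true;
  if (mode === "strict") return false;
  // Lax: only cross-site top-level navigations that use a safe method
  return req.topLevelNavigation && SAFE_METHODS.has(req.method);
}

// Constructed request contexts, all arriving from a different site.
const forgedPost = { crossSite: true, topLevelNavigation: true, method: "POST", https: true };
const linkClick = { crossSite: true, topLevelNavigation: true, method: "GET", https: true };
const adIframe = { crossSite: true, topLevelNavigation: false, method: "GET", https: true };

console.log("legacy session cookie, forged POST:", isSent("session=abc", forgedPost));
console.log("legacy session cookie, link click: ", isSent("session=abc", linkClick));
console.log("legacy session cookie, ad iframe:  ", isSent("session=abc", adIframe));
console.log("SameSite=None; Secure, ad iframe:  ", isSent("id=1; SameSite=None; Secure", adIframe));
console.log("SameSite=None without Secure:      ", isSent("id=1; SameSite=None", adIframe));
```

The first line of output is the forged-request case: an unlabelled session cookie no longer rides along on a cross-site POST. The fourth is the opt-in case: a third party that labels its cookie `SameSite=None; Secure` still receives it in an embedded frame.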

  3. Anonymous Coward

    Comrades, we must know everything!

    © Erich Mielke

  4. Anonymous Coward

    the silent change that borked thousands of business users....

    1. keithpeter Silver badge

      Re: the silent change that borked thousands of business users....

      Quote from theverge article referenced above.

      "After complaints, Google was forced to reveal it had launched an “experiment” on stable versions of Chrome that had changed the browser’s behavior. The experiment was made silently, without IT admins or users being warned about Google’s changes."

      Firefox allows you to disable 'experiments' and 'studies' through both the preferences page in the GUI and through the about:config list for more granular control. Is there an equivalent in Chrome?

      Icon: just upgraded the missus to Windows 10 and she is a Chromie

  5. SVV

    the cookie changes in Chrome 80 further concentrate Google's market power

    So, how long now before Chrome directs ALL web traffic through Google's servers, and unilaterally insists on Google-mandated HTML extensions on every page it allows - for the safety and security of its captive users of course?

    1. Anonymous Coward

      Re: the cookie changes in Chrome 80 further concentrate Google's market power

      Exactly. Is this actually an agreed internet standard, or is this Google attempting to trawl the web further into its dragnet by inventing its own "standards" for its own benefit (like so-called "AMP")?

      1. Arthur 1

        Re: the cookie changes in Chrome 80 further concentrate Google's market power

        SameSite comes from IETF and is supported in all major browsers not named Safari. Google is just changing default behaviour to gradually push it to strict, which would improve overall safety on the web. While I'm not one to blindly defend the sometimes ridiculous shenanigans Google gets up to, this isn't really in that category.

  6. chivo243 Silver badge

    setting timer now

    Count down to that annoying devil-may-care chuckle, and the phrase, "I guess we'll have to wait for Google to sort this one out..." In the meantime you guys handle the pissed off users. Thanks.

