Chrome Is Rolling Back SameSite Security Changes Because Of Coronavirus

Google is temporarily reversing its plan to stop supporting cross-site third-party cookie sharing by default, citing the “extraordinary global circumstances due to COVID-19.”

This decision means the SameSite changes Chrome started enforcing when it released Chrome 80 in February are on hold. It plans to restart the process at some point over the summer.

In a blog post on Friday, Justin Schuh, director of Chrome engineering, noted that Google “recognize[s] the efforts of sites and individual developers who prepared for this change and appreciate the feedback from the web ecosystem, which has helped inform this decision.”

Although most sites were prepared for the change, Schuh said, Chrome wants “to ensure stability for websites providing essential services, including banking, online groceries, government services and healthcare that facilitate our daily life during this time.”

The primary purpose of the SameSite change is to explicitly label third-party cookies for security purposes. Once enforced, insecure third-party cookies that aren’t accessed over HTTPS and properly classified will no longer be readable across sites, which will make analytics and attribution impossible for domains that aren’t following the rules.

Some view the SameSite as a step on the road toward doing away with third-party cookies for good.

“Google is forcing ad tech to accept SameSite by saying that cookies aren’t going to work without it,” Ken Weiner, CTO of GumGum told AdExchanger in a previous interview. “I guess you could call it a lily pad for ad tech on the way to the cookieless deep end … [but] ad tech is going to end up in that deep end sooner or later regardless.”

Speaking of, Chrome has no plans to postpone phasing out third-party cookies, which is still on the calendar for 2022.

In late March, a business group within the World Wide Web Consortium requested that Google extend the deadline in light of disruptions and uncertainty due to the COVID-19 situation.

Google politely declined, noting that “a discussion around adjusting timelines is premature.”

 

Add a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>