From The TCS Blog rss

Subscribe to TCS Blog Updates

  • Home
  • Beware! Are Your Apps Prepared for the February 4 Chrome Change?

From The TCS Blog

Beware! Are Your Apps Prepared for the February 4 Chrome Change?

By: Total Computer Solutions

Chrome 80 changes

Have you been wondering whether your apps are prepared for the Chrome 80 changes?  Then you will want to make sure that you know these three things:

  • Google Chrome Web Browser 80. Google has scheduled the official release of its latest web browser Chrome 80 for February 4, 2020. The updated browser features a significant change in the way the browser manages cookies. Google designed the changes to prevent cookie tracking by malicious cyber hackers. Unfortunately, websites and platforms you use every day may not work after Chrome 80 goes into effect.
Anticipated Chrome Issues on and after February 4. Several issues may affect your websites and platforms. They are:
 
    • Authentication on websites has become ubiquitous across the digital world. That said, Chrome 80 changes may cause authentication queries to loop. The cookie changes may cause the query to repeat the same pattern but never fulfill the command. Or the authentication command may fail altogether. Microsoft revised the Microsoft 365 Suite applications in response to the new Google Chrome changes. Microsoft also recommended that its Microsoft customers may need to update other websites and apps. That warning also applied to customers using Microsoft cloud services.

    • Line of business applications and platforms that rely on cross-domain cookies may break. That may happen because Chrome 80 restricts third-party cookie tracking and cross-site cookie tracking. That severe restriction occurs by default in Chrome 80. Users can work around the default if they flag each particular cross-site cookie by using the SameSite standard and HTTPS security. Google intended that the new Chrome cookie rules would "safeguard more websites and their users" against threats such as Cross-Site Request Forgery. Cross-Site Request Forgery is one of the top website vulnerabilities as it exploits a trusted website user to issue unauthorized commands.

    • SaaS. Many companies rely on Software-as-a-Service applications managed by other companies via the cloud. After the Chrome changes go into effect, such SaaS software may not work as desired.
  • Test Your Apps. A solution to this uncertainty exists. We recommend you test software applications and the various websites that you use to see if they need updates. Test your applications in advance of the browser release. That way, you know if they will continue to work as expected after the Chrome changes take effect. It is not a complicated process. Download the Chrome 80 Beta version. Then, test your applications using the SameSite Flags in the enabled position. If you need to, you can set your applications to the SameSite Flags=None position.

  • Do Not Panic. It is not too late to test, and you can give yourself even more time to test. Disable the changes Google made in Chrome until you complete the testing process. You want to prove to your satisfaction that Google Chrome 80 will work with the applications you depend on every day. Until then, deactivate the cookie changes by revising your Group Policy to disable that setting. 

And please understand this: Google is not alone in this effort to rein in the use of third-party cookies. Mozilla shared its intention to use the new cookie classification structure in its web browser, Firefox.

If you need support or want more information on this topic, please contact us or call 336.804.8449. We are able to keep your business safe and secure.

For an interesting view on Google's announcement regarding tracking cookie changes, read the CNBC.com article from May 2019 entitled "Google cracks down on ads tracking you across the web, and advertisers are preparing for the worst." Advertisers aren't the only ones who need to concern themselves with the Chrome changes.

networksecurity