Security News > 2020 > April > Google Rolls Back Recently Introduced Chrome CSRF Protection
Google last week announced that it has started rolling back a cross-site request forgery protection introduced in early February with the release of Chrome 80 in the stable channel.
Initially announced in May 2019, the protection involves Chrome enforcing a new secure-by-default cookie classification system, where cookies that haven't declared a SameSite value being treated as SameSite=Lax cookies.
Since early February, Google has been gradually rolling out the protection to its users, while keeping an eye on ecosystem impact, and also contacting individual websites and services to ensure cookies are labeled correctly.
Due to the current COVID-19 pandemic the Internet search giant has decided to temporarily roll back the enforcement of SameSite cookie labeling.
"While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time," Google says.
News URL
Related news
- Google Chrome gets real-time phishing protection later this month (source)
- Google Introduces Enhanced Real-Time URL Protection for Chrome Users (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google agrees to delete Chrome browsing data of 136 million users (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem (source)
- Google Chrome: Security and UI Tips You Need to Know (source)