Google Chrome 80 Released with improved support for SameSite Cookie

February 4, Google released Google Chrome 80 (80.0.3987.87).  It includes HTTPS auto upgrade feature and improved support for SameSite Cookie.

Google Chrome 80 is the latest version following Chrome 79, which was released in December 2019.  It has improved support for SameSite Cookie, which was introduced in version 51 in order to have stricter control over third party cookies. SameSite Cookie is a feature that allows specifying a value into a cookie via SameSite attribute, and in version 80, only cookies that are set with the “SameSite=None; Secure” value will be viable as third party cookies.  Cookies that don’t declare SameSite value will be treated as SameSite=Lax, and won’t be available in third party context.

In this release, HTTPS handling has been changed.  Version 79 introduced a setting that does not block HTTP contents (mixed contents) by default, but version 80 automatically upgrades mixed audio and video contents in HTTPS.  It rewrite URLs to HTTPS without letting them fall back to HTTP.  Although it is possible to load mixed contents, the page will be labeled as a “Not Secure” site.

Chrome 80 now deprecates FTP connection.  FTP support is planned to be disabled in version 82.

As to changes added to developer features, now the new Module Workers mode is included in Web Workers, which allows executing JavaScript code asynchronously to the JavaScript code running in the page.  Also, JavaScript engine V8 has been upgraded to version 8.  It also includes support for WebVR 1.1.

There are in total 56 security fixes.  Based on the program that rewards bug bounties, 48,000 dollars will be spent.

Google Chrome 80 supports Windows, MacOS, and Linux, and for mobile versions, Android and iOS.  It is available on the project website.

Google Chrome
https://www.google.co.jp/chrome/