Google will start rolling out a new version of Chrome that can prevent cross-site tracking today, February 4th. The tech giant first revealed that it was working on the feature in mid-2019 in an effort to prevent security issues caused by cookie vulnerabilities — bad actors, for instance, could transfer funds or hijack accounts by exploiting browser cookies. Chrome 80 could help prevent those situations from happening by enforcing “a new secure-by-default cookie classification system.”
See, web developers can indicate how cookies, or those small files your browser stores from the websites you visit, behave using the “SameSite” attribute. They can make it so that a browser can access cookies only when their URL matches the URL in the address bar or when the destination website uses “safe HTTP methods.” They can also make cookies track users across sites. However, using the attribute is optional, and cookies without it can automatically track you across the sites you visit.
Google is changing that with Chrome 80. Developers will now have to indicate their cookies’ SameSite attribute, or Google will automatically switch their setting to a more secure option. It can potentially break products and services that require cross-site tracking, such as widgets and affiliate programs. That said, the tech giant is giving developers time to transition. While the Chrome update itself will start making its way to users today, Google won’t start enforcing the new cookie classification system until later this month “with a small population of users, gradually increasing over time.”