05 February 20, 13:50
Quote:Google has released Chrome 80 today, February 4th, 2020, to the Stable desktop channel for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms with bug fixes, new features, and 56 security fixes.
Included are new features such as a new secure-by-default cookie classification system, auto-upgraded mixed content, text URL fragments, SVG favicons, and more.
The highlight of the Google Chrome 80 version is the enforcing of a secure-by-default cookie classification system designed to treat cookies without a SameSite value SameSite=Lax cookies.
According to Google, only cookies set as SameSite=None; Secure will be available in third-party contexts, with the condition of being accessed from secure connections
Chrome 80 also auto-upgrades optionally-blockable mixed content (HTTP content in HTTPS sites) by automatically rewriting the URL to HTTPS, without providing an HTTP fallback and blocking them by default if they fail to load over https://.
In this release, only audio and video content will be upgraded with mixed images still being allowed to load. They will, however, be marked with a 'Not Secure' chip in the omnibox.
"Developers can use the upgrade-insecure-requests or block-all-mixed-content Content Security Policy directives to avoid this warning," Google says.
Read more: https://www.bleepingcomputer.com/news/go...nges-more/