Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Google Chrome: better cookie protections and controls announced
#1
Information 
Quote:
[Image: chrome-samesite-lax-cookies.png]

Google plans to improve cookie controls and protections in upcoming versions of the company's Chrome web browser.

The company revealed plans to change how cookies work fundamentally in the web browser in third-party contexts.

Google Chrome will make use of the SameSite cookie attribute to enforce the new behavior by setting it to lax by default. What this means, essentially, is that the Chrome browser won't send cookies with cross-site requests anymore.

SameSite supports the three values not set, lax and strict, with not set the default on today's Internet. SameSite defines access rights to cookies and it the attribute is not set at all, cookie sending is not limited.

A value of strict on the other hand prevents cookies from being sent to all sites in all cross-browsing contexts. In other words, cookies are only sent if the the requesting site matches the site that is shown in the browser's address bar.

Lax is a compromise between better security and convenience. A Lax value would still block cookies from being sent in third-party contexts, e.g. when requested from a different site, but it would allow cookies to be sent if the user would follow a link to the site.

Quote:The "SameSite" attribute limits the scope of the cookie such that it will only be attached to requests if those requests are same-site, as defined by the algorithm in Section 5.2. For example, requests for "https://example.com/sekrit-image" will attach same-site cookies if
and only if initiated from a context whose "site for cookies" is "example.com".

If the "SameSite" attribute's value is "Strict", the cookie will only be sent along with "same-site" requests. If the value is "Lax", the cookie will be sent with same-site requests, and with "cross-site" top-level navigations, as described in Section 5.3.7.1. (via IETF)

Developers and site operators will have to define SameSite values explicitly if they require different values. If they don't, Lax is enforced.
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06
FastCopy 5.7.5
FastCopy 5.7.5: ...harlan4096 — 10:04

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>