With the launch of Chrome 80 in February, Google began gradually rolling out an update that changes how third-party cookies work on websites, called “SameSite.” Today, it announced that it is temporarily rolling back this SameSite requirements in light of the COVID-19 outbreak.
The SameSite policy was a change in how Chrome treats cookies. Before, Chrome accepted more cookies by default, including from third parties. SameSite flipped that default. At a high level, that essentially means that unless a third-party cookie explicitly was set by a website owner as being okay, Chrome would block it. This move was intended to protect user privacy by limiting which cookies can function in a third-party context, which would supposedly curb third-party data collection.
However, disabling third-party cookies can cause some sites to break — especially if they were using third-party cookies as part of their login systems. Many major sites were already updated to account for SameSite, but Google says it wants to “ensure stability for websites providing essential services including banking, online groceries, government services and healthcare.” Presumably that means some sites in those categories weren’t updated.
As sites have had to deal with the complications caused by the COVID-19 outbreak, it’s likely that many haven’t had the time or the resources to adapt to the update and aren’t likely to be able to devote attention to it in the near future.
Since social distancing measures have greatly increased reliance on online services, disruptions like this could cause a number of issues, especially when it’s related to health care resources.
This isn’t the only Chrome update affected by the outbreak. In March, Google announced it was temporarily pausing adding new features to Chrome and Chrome OS and focusing on updates related to security. Google said that this was due to changes to its own work schedules. However, Google has since resumed development for Chrome and Chrome OS, albeit on an adjusted schedule.