Web applications affected by Chrome 80

Summary

Google Chrome 80 changes web cookie security in ways that may break web applications. This article lists affected applications and provides recommended workarounds.

Body

Google Chrome version 80 implements new changes to improve security of web applications by making it harder for malicious actors to steal web cookies. However, these changes will have some impact on the functionality of UWindsor websites and web applications. This article identifies the affected web applications and provides workarounds.

Note: Chrome 80 is available as of February 04, 2020, but the changes to cookie handling have been delayed until February 17, 2020. Starting February 17, Google will roll out changes in phases, so not all users will have the changes enabled at the same time.

Background

Web cookies are a technology that allows a website or web application to save little bits of information or to exchange data with other web services integrated into a web application. Web cookies are often used to save preferences and allow you to be automatically logged into a website when you return.

Unfortunately, it is currently quite easy for malicious websites to steal cookies that are not meant for them. This is done using a technique called Cross-Site Request Forgery (CSRF). The changes that Chrome 80 is making are designed to limit the amount of data that would be stolen by a hacker that successfully executes a CSRF against your web browser.

Other browsers such as Mozilla Firefox and Microsoft Edge will implement the same security enhancements later this year.

A consequence of this increased security is that some websites and web applications may not work correctly until they have been updated to work with the new way that Chrome 80 handles cookies.

Affected websites and web applications

  • Blackboard Learn
  • Primo (library system)
  • Leganto (library system)

Workarounds

In the near term, the easist workaround is to use the Mozilla Firefox browser. It works nearly as well on most UWindsor websites and web applications.

Primo / Leganto (library system)

It appears that errors in Primo and Leganto when using Chrome 80 can be resolved by clearing cookies in your Chrome browser. For instructions, visit https://support.google.com/chrome/answer/95647

Reporting issues

If you discover an issue with a UWindsor web application not listed above, please open a ticket at http://www.uwindsor.ca/itshelp so that we can investigate further.

More information

To learn more about the changes introduced in Chrome 80, please visit the following links.

Chromium blog on these changes: https://www.chromium.org/updates/same-site
SameSite cookies explained https://web.dev/samesite-cookies-explained/  
Developers: Get Ready for New SameSite=None; Secure Cookie Settings https://blog.chromium.org/2019/10/developers-get-ready-for-new.html  

Details

Details

Article ID: 97113
Created
Fri 1/31/20 12:10 PM
Modified
Wed 10/12/22 1:49 PM