Avoiding New Issues on Top of Virus, Google Rolling Back Security Update

Google has recognized the business problems caused by the coronavirus and is trying not to create any new ones.

A security update in Chrome 80 that potentially makes breaking changes on websites is being rolled back, Google announced.

The SameSite Cookie Update had been released to some Google Chrome browser users in March 2020 and was scheduled to go to more. But Google said on April 3, 2020, that it wouldn’t continue the rollout and in fact would roll back the updates from users who had already received it.

"In light of the extraordinary global circumstances due to COVID-19, we’ve decided to temporarily roll back the enforcement of SameSite cookie labeling on Chrome 80 stable,” Google said in an announcement on its Chromium blog.

In any event, Essent customers are covered. Essent had already made the necessary changes to its cloud offerings including EssentOne, Compass, SiteBuilder, and OrderTrax to work with the update, and no action is required of Essent customers in regard to their Essent products.

What was in the update

The SameSite Cookie Update was designed for privacy and security, to stop automatically passing cookies to third-party services. While that makes for a more secure web, it also stood to break some website features on some websites, as Essent announced earlier this year.

In particular, payment card processing is a common third-party service that relies on cookies. Payment card processing was likely to break on at least some websites that hadn’t been configured for the update.

With COVID-19 posing its own set of challenges, Google decided not to put any more potential challenges on the table.

"We recognize the efforts of sites and individual developers who prepared for this change as part of our ongoing effort to improve privacy and security across the web. We appreciate the feedback from across the web ecosystem which has helped inform this decision. We will provide advance notice on here and the Chromium blog when we plan to resume the gradual rollout, which we’re now aiming for over the summer.”

What could go wrong

In the meantime, until the rollback occurs, some users do have the SameSite Cookie Update and may temporarily experience breaking changes. In addition to payment card processing, website parts that may break include advertising, content recommendations, third-party widgets, social embeds, punch-out technology, and other features.

Again, Essent configured its cloud offerings to work for the update and Essent customers need to take no action regarding their Essent products. Essent customers who have ecommerce sites that are not running on Essent SiteBuilder, however, need to check to make sure that their vendors have made the same updates.

While Google is stopping the SameSite Cookie Update in its tracks and rolling it back for those who did receive it, some who already received it may be experiencing the breaking changes now. Regardless, Google will implement the full breadth of the update at some point, as soon as this summer, and business will need to be prepared with compatible updates of their own.