Chrome 84 Arrives With SameSite Cookie Changes, Web OTP API and Web Animations API

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 84 for Windows, Mac, Linux, Android, and iOS. Chrome 84 resumes SameSite cookie changes, includes the Web OTP API and Web Animations API, and removes older Transport Layer Security (TLS) versions. First deprecated with Chrome 81 in April, TLS 1.0 and TLS 1.1 have now been completely removed with Chrome 84. This is notable for anyone who manages a website, even if they don't use Chrome at home or at work. TLS is a cryptographic protocol designed to provide communications security over a computer network -- websites use it to secure all communications between their servers and browsers. TLS also succeeds Secure Sockets Layer (SSL) and thus handles the encryption of every HTTPS connection.

In May 2016, Chrome 51 introduced the SameSite attribute to allow sites to declare whether cookies should be restricted to a same-site (first-party) context. The hope was this would mitigate cross-site request forgeries (CSRF). Chrome 80 began enforcing a new secure-by-default cookie classification system, treating cookies that have no declared SameSite value as SameSite=Lax cookies. Only cookies set as SameSite=None; Secure are available in third-party contexts, provided they are being accessed from secure connections. Due to the coronavirus crisis, however, Google paused the SameSite cookie changes, with plans to resume enforcement sometime over the summer. SameSite cookie enforcement has now resumed with a gradual rollout ramping up over the next several weeks for Chrome 80 and newer.

Chrome 84 introduces the Web OTP API (formerly called the SMS Receiver API). This API helps users enter a one-time password (OTP) on a webpage when a specially crafted SMS message is delivered to their Android phone. When verifying the ownership of a phone number, developers typically send an OTP over SMS that must be manually entered by the user (or copied and pasted). The user has to switch to their native SMS app and back to their web app to input the code. The Web OTP API lets developers help users enter the code with one tap. Chrome 84 also adopts the Web Animations API, which gives developers more control over web animations. These can be used to help users navigate a digital space, remember your app or site, and provide implicit hints around how to use your product. Parts of the API have been around for some time, but this implementation brings greater spec compliance and supports compositing operations, which control how effects are combined and offer many new hooks that enable replaceable events. The API also supports Promises, which allow for animation sequencing and provide greater control over how animations interact with other app features.

WTF?

[msauve]

After 20+ years, Google is still clueless about what the Internet is about.I get the making money stuff, but they still don't understand the basics.

Re:

[antdude]

What about others like MS, Firefox, etc.? :(

New Edge reaction

[Gavino]

Lately I've been migrating my less techy family members from Chrome to the new Edge. Microsoft shoved it down people's throats but it doesn't seem to lose anything to Chrome, so moved people across so I could install chrome as it's now redundant. Google probably freaking that a lot of people are doing the same. I am expecting Edge to make a real dent in Chrome's browser dominance.

Web OTP API

[93 Escort Wagon]

I didn't realize this was new - Safari's been doing it for quite some time already.

One Time Password

[Cmdln Daco]

Yeah. Anything that smoothens and makes it easier to automate a special security technique that should require active user intervention.

Sure.

Who are these 'web programmer' punks? Don't they know an OTP is a non-windowed EEPROM microcontroller??

Friends

[ArhcAngel]

Friends don't let friends use Google Chrome!

Re:

[grep -v '.*' *]

Friends don't let friends use Google Chrome!

Why of course! It's Internet Explorer 6, all the way!

-=- Best viewed better with Internet Explorer -=-

Re:

[ArhcAngel]

Well that's the only way I can get my Visual Basic 3.0 apps to work with my mission critical access database.

Tab groups still don't collapse

[BenJeremy]

Tab groups are cool, but why are we three versions into this feature and the collapse capability is still missing? That's 80% of the functionality of the feature.

Why yes, I do have lots of tabs and windows open most of the time

I'm outraged.

[Anonymous Coward]

I clicked on the link for https://web.dev/samesite-cooki... [web.dev] but all I got was an error and the page didn't load.

Then I remembered I had black holed the entirety of .dev out of pure disgust with ICANN and Google.

Re:

[fahrbot-bot]

... Then I remembered I had black holed the entirety of .dev out of pure disgust with ICANN and Google.

Ya, they're still really hurting from that; good job.

Just left Chrome last week

[willoughby]

Search "Software Reporter Tool" for more info...

I got fed up with Software Reporter Tool sucking up 75% or more CPU. I don't understand why this is a part of a web browser but now, using Firefox, I don't care.

Re:

[nashv]

IF Firefox works for you, very good but I left Firefox after 15 years of use, because it just is lagging too far behind and has apparently no clear sustainable development arc anymore.

FWIW, Edge does not have the "Software Reporter Tool" atrocity.