Google Chrome 96 Breaks Twitter, Discord, Video Rendering and More

Google Chrome 96 was released yesterday, and users are reporting problems with Twitter, Discord, and Instagram caused by the new version. BleepingComputer reports: The issues have been reported to Google in a Chromium bug post where Google employees have started to investigate the problems. "We're continuing to see user reports about this behavior, including reports from our social team," notes Google product manager Craig Tumblison. "One user has shared that disabling the "chrome://flags/#cross-origin-embedder-policy-credentialless" flag resolves the behavior. Another report shares a specific error message: "The connection was rejected at https://cards-frame.twitter.com". Test team, would you be able to try enabling that flag to see if the behavior appears?"

The 'chrome://flags/#cross-origin-embedder-policy-credentialles' flag is related to a new Cross-Origin-Embedder-Policy feature released with Chrome 96. Google states that you can fix these bugs in some cases by setting the "chrome://flags/#cross-origin-embedder-policy-credentialless" to disabled. If you are affected by these issues, you can copy and paste the above chrome:// address into the Google Chrome address bar and press enter. When the experimental flag appears, please set it to Disabled and relaunch the browser when prompted.

"Problems"

[Sebby]

"We're continuing to see user reports about this behavior, including reports from our social team," notes Google product manager Craig Tumblison.

Translation: We're noticing that users are detected our attempts to further break the web to steer them into our walled ecosystem, which appears to be failing.

Re:

[Canberra1]

A browser renders things like a page - simples. Now it is let us fingerprint and cookie you to death, so we know what you looked at - and when! What we need is a browser plugin to send back false information, or to ping ad servers randomly with false IP addresses. I have just seen MS10 blow up because it could not write 'ad presented' in its playstore log area - because it was corrupted, because the person had a marginal mobile wireless connection that drops out often. It follows that savvy advertisers wan

Re:

[AmiMoJo]

Looking into the problem it seems that Google is adding an important security enhancement that prevents unintended tracking across sites (including their own). So if a random site adds a Google widget or a 3rd party ad or something it doesn't get access to the main site's credentials unless explicitly opted in by the developer.

The opt in is needed for some sites functionality.

Re:

[gweihir]

"We're continuing to see user reports about this behavior, including reports from our social team," notes Google product manager Craig Tumblison.

Translation: We're noticing that users are detected our attempts to further break the web to steer them into our walled ecosystem, which appears to be failing.

Indeed. There is no way they did not know that before. Even Google does not test its products this shoddily.

That settles it...

[HanzoSpam]

I'm upgrading immediately!

Re:

[hawk]

yeah, I'm trying to see the downside of this, and not succeeding.

These all seem to be features.

General system stability improvements

[thesjaakspoiler]

to enhance the user's experience.
We're not all as diligent as Nintendo.

Slashvertisement?

[jargonburn]

Chrome 96 Breaks Twitter,

Upgrade immediately!

Discord,

*tsk*....eh, I use the desktop app

Video Rendering and More

Dammit, now I'm conflicted!

Who are the credentialles?

[Entrope]

Are the credentialles like the federales, except responsible for credentials?

(Yes, I know, what editors?)

corporate IT issues

[acroyear]

make the chrome flags option not a good solution. When the http images in https pages issue came along, lots of customers came back and said they aren't allowed to change their chrome flags settings due to security policies from their company.

Re:

[thegarbz]

If you're using discord on your company PC you have more serious issues. But jokes aside Chrome flags are still a good option, precisely because they can be controlled via security policy. Something is broken, talk to your IT department who rolled out a Chrome update without testing it.

Automatic updates considered harmful

[kbrannen]

This is an excellent example of why some of us don't like automatic updates on software, not to mention it seems like they often come at the most inopportune times ... like while I'm in the middle of doing something important that shouldn't be interrupted! No, upgrades should be done on my schedule when it's convenient to me and only because I took an action.

Re:

[Askmum]

If it ain't broken, don't fix it.

Re:

[thegarbz]

like while I'm in the middle of doing something important that shouldn't be interrupted

Given how updates to Chrome apply silently in the background you've either done something very wrong, or are doing something *VERY* important.
You can control your upgrade schedule if you want, but I take big issue with you calling them "harmful". We have 25 years of experience showing that relying on users to apply updates themselves is a fucking security nightmare, and one of the best advances we have made in IT security over the years is to remove the user's manual intervention.

SiteGround

[cascadingstylesheet]

Hmm, is this what broke SiteGround logins today? There were console error messages about CORS.

Re:

[cascadingstylesheet]

But then again, that wasn't confined to Chrome. Never mind ...

STOP

[Gabest]

Don't they have anything better to do? Stop developing Chrome. It's ready. It's been ready five years ago.

Re:

[thegarbz]

It's ready. It's been ready five years ago.

What's ready? Just as a simple experiment download a 5 year old version of Chrome and try and run Office 365. You'll see how unready it actually is.

Re:

[sjames]

The problem is adding flaming hoops for "security" that don't even actually improve security. Add in a w3c that has abandoned it's reason to be and yet continues to exist.