The Google Chrome web browser, version 80, is now available for download on all major platforms.
Today’s Chrome 80 release marks a important point in Chrome’s history. This release comes with two major changes to how Google’s browser operates, changes that will resonate with users for years to come.
Same-site cookies
The first of these big changes was made to the way Chrome handles cookie files.
Cookies have been a staple of the browser landscape since the 90s. They are simple text-based files that sites exchange with browsers.
Until today, Chrome allowed all cookie files to load uninhibited, regardless of the web domain that created the cookie and the website where the cookie was being loaded from.
This mechanism, while dead simple, created the privacy nightmare we have today were advertising and analytics firms can track users as they move across the web thanks to cookies they load inside users’ browsers — usually via ads or tracking scripts.
Starting with Chrome 80, all of this will change. With v80, Chrome will only load cookies that have been created and loaded on the from the same domain — known as first-party cookies, or same-site cookies.
If websites need to load cookies from third-party domains, then webmasters need to manually enable a setting for their site inside HTTP headers which will specifically tell Chrome to allow third-party cookies for their visitors.
The change is hard to get your head around if you’re a non-technical user, but the crux of the matter is that Chrome supporting only same-site cookies by default will help boost privacy and security for Chrome users going forward.
Developers looking to learn more about same-site cookies can check out Google’s official announcements [1, 2], this introductory blog post on Google’s web.dev tutorial site, the official the MDN portal entry, this intro from a member of the Edge browser, or the video below.
No more notification spam
But while the same-site cookie change might be puzzling for non-technical users, this next big change is not.
Starting with Chrome 80, Google has also changed how Chrome handles notification popups, which many websites have been recently abusing to spam their users.
Going forward, sites won’t be able to annoy users with notification popups anymore, and all notification requests will be hidden and contained under an icon in the Chrome URL address bar.
Image: Google
Step 2/3 in Google’s mixed content upgrade
Chrome 80 also marks the second major release in Google’s three-step plan to eliminate mixed HTTPS content.
Mixed HTTPS content refers to web pages where content such as images, JavaScript, or stylesheets are loaded via both HTTP and HTTPS, meaning the site doesn’t actually load entirely over HTTPS.
Google’s announced end goal is to auto-upgrade all HTTP content to their analogue HTTPS URLs. However, doing this all of a sudden is dangerous as it can cause a lot of breakage across the internet.
Instead, to prevent any major issues, Google has chosen a three-step plan for this process, as detailed below, and with Chrome 80 being step 2 of a three-step plan that started with Chrome 79 and will end next month with Chrome 81:
- In Chrome 79, releasing to stable channel in December 2019, we’ll introduce a new setting to unblock mixed content on specific sites. This setting will apply to mixed scripts, iframes, and other types of content that Chrome currently blocks by default. Users can toggle this setting by clicking the lock icon on any https:// page and clicking Site Settings. This will replace the shield icon that shows up at the right side of the omnibox for unblocking mixed content in previous versions of desktop Chrome.
- In Chrome 80, mixed audio and video resources will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://. Chrome 80 will be released to early release channels in January 2020. Users can unblock affected audio and video resources with the setting described above.
- Also in Chrome 80, mixed images will still be allowed to load, but they will cause Chrome to show a “Not Secure” chip in the omnibox. We anticipate that this is a clearer security UI for users and that it will motivate websites to migrate their images to HTTPS. Developers can use the upgrade-insecure-requests or block-all-mixed-content Content Security Policy directives to avoid this warning.
- In Chrome 81, mixed images will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://. Chrome 81 will be released to early release channels in February 2020.
Support for blocking heavy ads
But just as with all recent Chrome release, Google engineers have also hidden a secret nugget in this browser version as well.
While in Chrome 79 we had tab freezing, in Chrome 80 we have a new Chrome flag that lets users block ads that use too much resources, such as CPU or RAM.
To enable this feature, Chrome users must access the following link and enable the respective Chrome flag.
chrome://flags/#enable-heavy-ad-intervention
Image: ZDNet
Text URL Fragments
Last, but not least, is a new Chrome API that implements the Text Fragments specification. In layman’s terms this new API will allow Chrome to link and recognize links to specific text on a website. When Chrome loads one of these links, the browser highlights the text and scrolls the fragment into view.
Text URL fragments should make linking content a lot more interesting, as long as they’re broadly adopted.
According to Google, a text URL fragment link would look something like:
https://en.example.org/wiki/Cat#:~:text=On islands, birds can contribute as much as 60% of a cat’s diet
But we only touched on the most interesting changes. Users who’d like to learn more about the other new features added or removed from the Chrome 80 release can check out the following links:
Chrome security updates are detailed here.
Chromium open-source browser changes are detailed here.
Chrome developer API deprecations and feature removals are listed here.
Chrome for Android updates are detailed here. [not yet public]
Chrome for iOS updates are detailed here.
Changes to Chrome V8 JavaScript engine are available here.