Google is rolling out the latest version of Chrome for Mac, Windows, and Linux today. Chrome 80 introduces a quieter notification permissions UI and SameSite cookie enforcement.
The web today is littered by sites asking to send you notifications on your first visit. Chrome 80 debuts a quieter notification UI that replaces the permissions pop-up. Instead, a “Notifications blocked” message slides out from the right side of the address bar and shrinks to a crossed-out bell icon.
On first launch, a help dialog explains the functionality: “You usually block notifications. To let the site notify you, click here.” It can be manually enabled from Settings > Site Settings > Notifications under “Use quieter messaging” (chrome://flags/#quiet-notification-prompts). Google plans to roll it out for users who repeatedly deny notifications and sites with “very low acceptance rates.”
In December with Chrome 79, Google added saved password protections to warn about breached credentials as you’re entering them online. The warning message will now show up to three sites where you’re using the login.
First-party cookies match the domain of the site you’re currently visiting. Chrome 80 is now restricting cookies to first-party access by default, with developers required to explicitly mark cookies for third-party usage.
Cookies with no declared SameSite value will be designated SameSite=Lax and restricted to first-party usage. Third-party cookies, like for logins, are only available if designated SameSite=None; Secure and sent over HTTPS. This is the start of Google’s push to limit insecure cross-site tracking and provide users with more control. For more, read our explainer on the changes:
“Lax” is designed to let normal browsing work as expected, only blocking cookies when connecting directly from one website to certain secure aspects of another.
Tagging a particular cookie as “Secure” tells Chrome to only use that cookie when making a secure (HTTPS) connection. This is done to ensure that nothing can listen in to your network and make a copy of your cookie for malicious purposes.
This begins rolling out the week of February 17 to an “initial limited population.” Google will be “closely monitoring and evaluating ecosystem impact” and gradually increase availability.
Google will begin rolling out tab groups in Chrome 80, but a wider launch is not expected until the next release. This feature was first announced last September for Chrome on Android. On desktops, the organization feature lives in the tab strip. Each grouping can be named and assigned a color.
While browsing today predominantly occurs over HTTPS, some connections still load images, audio, and video subresources over HTTPS. Chrome 80 autoupgrades HTTP audio and video, with content blocked if it fails to load over HTTPS.
HTTP images on HTTPS pages are given an exception this release, but the browser will say “Not secure” in the address bar. Additionally, affected resources can be unblocked by tapping the lock icon > Site Settings.
Chrome adds support for SVG images in favicons. The scalable format helps sites and apps reduce overall resource size.
Google is winding down support for the File Transfer Protocol in Chrome 80. Users are advised to download a native FTP client instead.
As you navigate away from an existing page, Chrome 80 no longer allows the old site to trigger pop-ups. Along with synchronous XHR requests being disallowed, this will “improve page load time and make code paths simpler and more reliable.”
FTC: We use income earning auto affiliate links. More.