Google Chrome Version 79 – Potential Disruption to Customer Websites & Microsoft Services

by Armen Gharibian
Managing Director

Google released a Chrome beta build 79 on October 31, 2019, the beta release introduced a new feature in how cookies are handled.  The change was initially intended to prevent malicious cookie tracking;  The new feature is also expected to be included in default Chrome behavior with Chrome build 80 slated to be released on February 4, 2020.  The feature change is expected to affect services and applications in a customer’s environment including but not limited to the following:

  • The performance of all Microsoft services may be significantly decreased.
  • Signing in to important sites such as the Azure portal fails and generates an error.
  • Signing in to Microsoft Power BI enters a loop and eventually generates an error.
  • Dynamics 365 sign-out fails.
  • Dynamics integration with Skype, PowerApps, and Excel fails.
  • In Office 365, notifications about email messages in the Office Suite do not work.
  • In Microsoft Teams, tabbed access to other office services such as Stream within the Teams client does not work.
  • Sign-out messages from certain sites indicate a successful sign-out. However, the cookie clearing process fails, and this keeps the user signed in.
  • Signing in and signing out fails on many customer-developed websites that use some versions of Microsoft .NET Framework and .NET Core to process authentication tokens.
  • Customer-developed applications that do silent sign-in flows by using MSAL or ADAL against Azure Active Directory (Azure AD), Azure AD B2C, or Microsoft Account are affected.
  • Signing in to and signing out from Active Directory Federation Services (AD FS) when it is acting as a Federated partner to another Identity Provider is affected.
  • Signing in to applications that are published behind Web Application Proxy (WAP) and AD FS and Applications are in different domains is affected.

Microsoft strongly suggests customer’s use Google Chrome Beta Build 77 to thoroughly test web based applications and services especially if they rely on cross-domain cookie sharing.  Google has released new enterprise controls that can be set to mitigate disruption:

LegacySameSiteCookieBehaviorEnabled

LegacySameSiteCookieBehaviorEnabledForDomainList

If you would like more information or assistance from our industry-leading team of experts, please contact us at service@helient.com.