Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Security Advisory – Google Chrome Browser version 80 Updates and Ex Libris products and services - January 30, 2020

    Subject: Security Advisory – Google Chrome Browser version 80 Updates and Ex Libris products and services - January 30, 2020

    Overview

    On February 4, 2020 Google will roll out a new version of Google Chrome (80) that will implement a secure-by-default model for cookies using the SameSite attribute, enabled by a new cookie classification system.

    The SameSite attribute protects users from cross-site request forgery, where innocent end user is tricked by an attacker into submitting a web request that they did not intend.

    Google Chrome (80) new default cookie attribute will be set to SameSite="Lax". Previously, the SameSite cookie attribute defaulted to SameSite="None".

    As of February 2020, only cookies with the SameSite set to "None" and tagged as Secure will be able to send cross-sites and will require encrypted HTTPS connection access.

    Impact

    High

    Affected Systems

    Although the change was intended to discourage malicious cookie tracking, it has the potential to affect Ex Libris products and services that leverage application cookies within the same web page that have a different domain than the one being used by Ex Libris.

    Custom integrations relying on non-secure (HTTP) protocol or cookie, might be impacted in Google Chrome

    SFX and 360 will be affected by the new chrome version.

    Tests and Certifications

    Ex Libris products and services have been tested and certified with Chrome (80) version.

    Actions Taken for Cloud Systems

    Ex Libris deployed the required configurations to all Ex Libris cloud servers for the following Ex Libris products: Alma, Primo, Summon, Esploro, campusM, Leganto, RapidILL, RefWorks, Aleph, Voyager, Rosetta, Pivot, Research professional, Intota, Ulrich's, MetaLib, DigiTool.

    SFX - Impact to the Link Resolver Sidebar; see Google Chrome (80) Update and Possible Impact on SFX  

    360 – Impact to 360 Link Sidebar uses ‘iframes’ to embed external content and links in its pages; see Impact of Google Chrome version 80 on 360 Link

    Required Configurations for On-Premise/Local Systems

    SFX - Impact to the Link Resolver Sidebar; see Google Chrome (80) Update and Possible Impact on SFX