View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
September 20, 2019

Latest Chrome Browser “Severely Degrades” Microsoft Cloud Services

Microsoft: "We found the following scenarios to be severely degraded..."

By CBR Staff Writer

Chrome 78, the latest build of the world’s most widely used web browser, “severely degrades” Microsoft cloud services, Microsoft warned today.

Chrome 78 users are likely to find themselves locked out of the Azure portal, unable to sign into websites that use the Microsoft .NET framework and more, Microsoft said, adding that Google has yet to share a date for a fix.

A beta release of the Chrome 78 build was made available Thursday September 19. Google plans to push out a stable release October 22.

Microsoft strongly urged customers to avoid using Chrome 78 until a full-fat version of the browser is generally available with a fix for the issue – which breaks authentication flows based on the OpenID Connect standard.

Chrome 78: What’s Happening?

The issue stems from Google’s to tackle tracking cookie abuse and cross-site request forgery (an attack that tricks an end user into executing unwanted actions on a web application) through a standard known as SameSite.

The company recognises that roll-out may be problematic, saying “some sites relying on third-party cookies may break temporarily until developers add “SameSite=None”.

Testing of the new Chrome version by Microsoft revealed that the following services were “severely degraded”, the company said.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK
    • “Signing in to important sites such as the Azure portal fails and generates an error.
    • “Signing in to Microsoft Power BI enters a loop and eventually generates an error.
    • “Sign-out messages from certain sites indicate a successful sign-out. However, the cookie clearing process fails, and this keeps the user signed in.
    • Signing in and signing out fails on many customer-developed websites that use some versions of Microsoft .NET Framework and .NET Core to process authentication tokens.
    • Customer-developed applications that do silent token refreshing in MSAL or ADAL against Azure Active Directory (Azure AD), Microsoft Account, or Active Directory Federation Services (AD FS) fail to sign in.

Google’s Lily Chen posted in a Chromium group on September 12: “We are working on publishing developer guidance on how to work around incompatible clients. That should be ready soon, and I will post a link to it here when that is out.

Microsoft said in a support update: “We understand that Google is planning to provide enterprises the ability to override these changes.

“However, Google has not shared with Microsoft any further details about these overrides or the dates on which the overrides might become available.”

The company said it “strong recommends” that customers avoid using the Beta release in their production environments when they access Microsoft services: “If developers have to use the Beta release for website testing, we recommend that they use a different browser to access Microsoft services.”

The news came as Microsoft confirmed a bug for Office 365 users today that saw many asked to verify their identity when opening shared SharePoint/OneDrive file links.

“We’ve confirmed that the issue is cosmetic and files themselves are not affected,” Microsoft said. “Users may click Cancel on the prompt and continue to view the files without issue.

Read this: Update Chrome “Right This Minute” Warns Google

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU