Preview build 17672 starts testing new browser update

May 18, 2018 04:55 GMT

Microsoft has started testing SameSite cookies in its Windows 10 browsers, and the most recent preview build, released earlier this week, brings an early implementation of this new feature.

Intended to add a new security layer to Windows 10, the SameSite cookie standard can help protect users against cross-site request forgery (CSRF) attacks. Microsoft wants this to be part of the Windows 10 feature arsenal, so build 17672 comes with support for this feature in Microsoft Edge, with the company planning to bring it to both Edge and Internet Explorer on all production systems.

In a technical analysis of what SameSite cookies can do on Windows 10, Microsoft explains that its browsers will support them starting with Windows 10 Creators Update and newer.

Also aimed at older Windows 10 versions

If you’re running an older version of Windows 10, there’s no reason to worry, because the company says that this feature is backwards compatible: browsers lacking it will ignore the new attribute and use a regular cookie.

“Historically, sites such as example.com that make “cross-origin” requests to other domains such as microsoft.com have generally caused the browser to send microsoft.com’s cookies as part of the request,” Microsoft explains.

“Normally, the user benefits by being able to reuse some state (e.g., login state) across sites no matter from where that request originated. Unfortunately, this can be abused, as in CSRF attacks. Same-site cookies are a valuable addition to the defense in depth against CSRF attacks.”
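As an added illustration (not code from Microsoft or from the original article), the following JavaScript models in simplified form how a browser decides whether to attach a cookie to a request, including the fallback for browsers that ignore the attribute. The function names, the request and browser object shapes, and the sample cookie are assumptions made for this example.

```javascript
// Added example: simplified model of SameSite handling, not browser source code.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse one Set-Cookie header value into { name, value, sameSite }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: eq < 0 ? pair : pair.slice(eq + 1),
    sameSite: null, // null = attribute absent: a regular cookie
  };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() !== "samesite") continue;
    const mode = val.toLowerCase();
    // Simplification: only the Strict and Lax modes are modelled here.
    if (mode === "strict" || mode === "lax") cookie.sameSite = mode;
  }
  return cookie;
}

// request: { isSameSite, method, topLevelNavigation } (hypothetical shape)
// browser: { supportsSameSite } (hypothetical shape)
function shouldSendCookie(cookie, request, browser) {
  // A browser without support ignores the attribute and sends the cookie.
  if (!browser.supportsSameSite || cookie.sameSite === null) return true;
  if (request.isSameSite) return true;
  if (cookie.sameSite === "strict") return false;
  // Lax: cross-site requests carry the cookie only for top-level
  // navigations that use a safe method such as GET.
  return request.topLevelNavigation && SAFE_METHODS.has(request.method);
}

// Constructed sample: a session cookie and a cross-site form POST.
const session = parseSetCookie("session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict");
const crossSitePost = { isSameSite: false, method: "POST", topLevelNavigation: true };

console.log("updated browser sends cookie:",
  shouldSendCookie(session, crossSitePost, { supportsSameSite: true }));
console.log("older browser sends cookie:",
  shouldSendCookie(session, crossSitePost, { supportsSameSite: false }));
```

Because the older browser in this model still sends the cookie, a site that sets the attribute keeps its existing CSRF defenses in place for those users.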

There’s no ETA right now as to when this feature could be rolled out to users, but Microsoft suggests that it’ll be released when it’s ready. This means it won’t be part of the Redstone 5 update because it’s aimed at previous versions of Windows 10 as well.

The company further adds that while the SameSite cookie standard is still in the works at the Internet Engineering Task Force (IETF), it’s already stable enough for broad adoption, so it should be rolling out to users very soon.