Google is rolling out a change to Chromium that “de-elevates” Google Chrome so it does not run as an administrator to increase security in Windows.
Microsoft previously introduced a similar feature in 2019 to the Edge Browser. When users launched Edge with elevated permissions, a warning would appear, recommending that they relaunch the browser without administrative rights.
Later, Microsoft modified the feature to automatically prevent the Edge browser from launching with elevated permissions.
Microsoft is now bringing the same improvements to Chromium, with developers submitting a commit to the Chromium source code.
As spotted by Leo on X, Microsoft has confirmed that Chrome will now automatically de-elevate when users try to launch it with elevated permissions.
“Automatically de-elevate users launching chrome elevated. This CL is based on changes we’ve had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it’s run with the elevated part of a split / linked token,” Stefan Smolen, who works with the Microsoft Edge team, wrote in a Chromium commit.
“This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin).”
Microsoft has also added a command-line switch, “-do-not-de-elevate,” to prevent the de-elevation after an auto-relaunch to prevent infinite loops.
” Do not de-elevate the browser on launch. Used after de-elevating to prevent infinite loops,” reads a comment in the source code.
This feature does not work for Chrome processes launched with elevated rights when in automation mode, so as not to interfere with tools that may need to run automatically.
However, in general, Microsoft warns that launching the browser in admin mode is not a good idea.
When Chrome runs as an Administrator, it inherits elevated permissions, which means anything you download and open through the browser will also launch with Administrator rights, which can pose a serious security risk.
If you accidentally download and run a malicious file, it could execute with full system access, potentially compromising your entire operating system without any warning.
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Source link
-
-
-
-
-
-
-
-
