- A Microsoft dev has submitted an update to Chromium
- The update de-elevates Chrome, to run without admin privileges by default
- This should prevent malicious add-ons and extensions from operating freely
Future versions of Chrome on Windows will most likely not run with admin privileges by default. That way, users should be better protected from suspicious extensions, risky websites, and other potentially malicious activities.
Earlier in May, a Principal Software Engineer at Microsoft, Stefan Smolen, submitted a commit to the Chromium source code, with which Chrome will automatically de-elevate when users try to launch it with elevated permissions.
“This CL is based on changes we've had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it's run with the elevated part of a split / linked token,” Smolen said in the commit. “This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin).”
Securing Chrome
The feature has been present in Edge since 2019. When users launch Edge with elevated permissions, the browser would display a warning and a recommendation to relaunch it without admin privileges.
"We append a command-line switch to prevent auto-relaunch if, for whatever reason, we re-launch into admin mode again,” the commit further reads. “We do not de-elevate Chrome when it's running in automation mode so we don't interfere with automation tools.” This feature also prevents potential infinite loops.
Being a window to the wider internet, the web browser is one of the most frequently targeted programs. It constantly handles untrusted data from countless sources, which is why cybercriminals are always looking for vulnerabilities - either in the code, in plugins, or in poorly secured websites. Compromising a browser can give threat actors access to sensitive information including login credentials, personal data, and more.
By taking away admin privileges from the browser, Microsoft disarms it, preventing threat actors from running malware or stealing personally identifiable information. Therefore, the Redmond giant advises all users not to launch their browsers with admin rights.
Via BleepingComputer
You might also like
- Google Chrome update aims to supercharge your web browsing with three AI features
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
