Article Details
Scrape Timestamp (UTC): 2025-05-14 20:31:35.565
Original Article Text
Click to Toggle View
Google Chrome to block admin-level browser launches for better security. Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. Microsoft previously introduced a similar feature in 2019 to the Edge Browser. When users launched Edge with elevated permissions, a warning would appear, recommending that they relaunch the browser without administrative rights. Later, Microsoft modified the feature to automatically prevent the Edge browser from launching with elevated permissions. Microsoft is now bringing the same improvements to Chromium, with developers submitting a commit to the Chromium source code. As spotted by Leo on X, Microsoft has confirmed that Chrome will now automatically de-elevate when users try to launch it with elevated permissions. "Automatically de-elevate users launching chrome elevated. This CL is based on changes we've had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it's run with the elevated part of a split / linked token," Stefan Smolen, who works with the Microsoft Edge team, wrote in a Chromium commit. "This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin)." Microsoft has also added a command-line switch, "-do-not-de-elevate," to prevent the de-elevation after an auto-relaunch to prevent infinite loops. " Do not de-elevate the browser on launch. Used after de-elevating to prevent infinite loops," reads a comment in the source code. This feature does not work for Chrome processes launched with elevated rights when in automation mode, so as not to interfere with tools that may need to run automatically. However, in general, Microsoft warns that launching the browser in admin mode is not a good idea. When Chrome runs as an Administrator, it inherits elevated permissions, which means anything you download and open through the browser will also launch with Administrator rights, which can pose a serious security risk. If you accidentally download and run a malicious file, it could execute with full system access, potentially compromising your entire operating system without any warning. Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Daily Brief Summary
Google is updating Chromium to increase security by preventing Chrome from running as an administrator in Windows.
This change echoes a security feature first introduced by Microsoft for the Edge browser in 2019, which originally warned users against launching with elevated permissions.
The updated feature will automatically "de-elevate" Chrome's permissions if an attempt is made to launch it with administrative rights.
Microsoft's involvement in the Chromium project has facilitated the addition of this security feature, which was based on their experiences with Edge.
There's an added command-line switch to prevent potential infinite loops caused by the automatic de-elevation process.
Running Chrome with administrative rights exposes the system to significant risks, as malicious downloads would also inherit elevated permissions, potentially leading to full system compromise.
The de-elevation feature does not affect Chrome processes initiated in automation mode to allow compatibility with necessary automated tools.