Google is implementing a Chromium update that “de-elevates” Chrome so that it doesn’t run as an administrator in order to improve Windows security.
Microsoft previously introduced a similar feature in the Edge browser in 2019. When users launched the browser with elevated permissions, a notice would appear advising them to restart Edge without administrator access.
Microsoft later changed the feature to automatically stop the Edge browser from starting with elevated privileges.
Microsoft, whose developers contribute to the Chromium source code, is now implementing the same enhancement in Chromium.
As Leo observed on X, Microsoft has acknowledged that Chrome will now immediately de-elevate when users attempt to run it with elevated permissions.
“De-elevate users who launch Chrome elevated automatically.” In a Chromium commit, Stefan Smolen, a member of the Microsoft Edge team, stated, “This CL is based on changes we’ve had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it’s run with the elevated part of a split / linked token.”
“This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour.”
In order to avoid endless loops, Microsoft has also included a command-line option called “--do-not-de-elevate”, which stops the de-elevation following an auto-relaunch.
A source code note says the option tells the browser not to lower its elevation at launch: “Used after de-elevating to prevent infinite loops.”
To avoid interfering with programs that might need to run automatically, this feature does not apply to Chrome processes that are launched with elevated rights while in automation mode.
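The relaunch logic described above, sketched as an added example (not Chromium's or Edge's own code): it shows why carrying the switch on the relaunch caps the chain at two processes even when de-elevation fails. It assumes that "the elevated part of a split / linked token" corresponds to the Windows token elevation type `TokenElevationTypeFull`; the helper names are hypothetical, and automation mode is passed in as a boolean because the article does not say how it is detected.

```c
#include <stdbool.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Numeric values of the Windows TOKEN_ELEVATION_TYPE enumeration. */
enum elevation { ELEV_DEFAULT = 1, ELEV_FULL = 2, ELEV_LIMITED = 3 };
#define NO_DE_ELEVATE "--do-not-de-elevate" /* switch named in the article */

/* Hypothetical decision helper (not Chromium's function): true when this
   launch should be replaced by a non-elevated relaunch. */
bool should_de_elevate(enum elevation type, bool automation,
                       int argc, const char *const *argv)
{
    if (type != ELEV_FULL) return false; /* only the elevated half of a split token */
    if (automation) return false;        /* automation launches are left alone */
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], NO_DE_ELEVATE) == 0)
            return false;                /* already relaunched once: stay as we are */
    return true;
}

/* Worst case: the relaunch comes back still elevated. Returns how many
   processes start before the browser stays up (-1 would mean a loop). */
int launches_if_relaunch_stays_elevated(bool automation)
{
    const char *first[]  = { "chrome.exe" };
    const char *second[] = { "chrome.exe", NO_DE_ELEVATE };
    if (!should_de_elevate(ELEV_FULL, automation, 1, first))
        return 1;
    return should_de_elevate(ELEV_FULL, automation, 2, second) ? -1 : 2;
}

#ifdef _WIN32
/* Reads the elevation type of the current process token (Windows only). */
enum elevation current_elevation(void)
{
    HANDLE tok;
    TOKEN_ELEVATION_TYPE t = TokenElevationTypeDefault;
    DWORD len = 0;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) {
        GetTokenInformation(tok, TokenElevationType, &t, sizeof t, &len);
        CloseHandle(tok);
    }
    return (enum elevation)t;
}
#endif
```

On Windows, `current_elevation()` returning `ELEV_FULL` for a running browser process is also a quick way to confirm that it was started from an elevated context.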
But generally speaking, Microsoft cautions against using the browser in administrator mode.
When Chrome runs as an administrator, anything you download and open from it inherits those elevated permissions and also launches with administrator rights. This can be a major security issue.
A malicious file could execute with complete system access if you unintentionally download and run it, possibly compromising your entire operating system without any prior notice.