A Microsoft dev has submitted an update to Chromium
The update de-elevates Chrome, to run without admin privileges by default
This should prevent malicious add-ons and extensions from operating freely

Future versions of Chrome on Windows will most likely not run with admin privileges by default. That way, users should be better protected from suspicious extensions, risky websites, and other potentially malicious activities.

Earlier in May, a Principal Software Engineer at Microsoft, Stefan Smolen, submitted a commit to the Chromium source code, with which Chrome will automatically de-elevate when users try to launch it with elevated permissions.

“This CL is based on changes we’ve had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it’s run with the elevated part of a split / linked token,” Smolen said in the commit. “This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin).”

TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!

New users can take advantage of RoboForm’s exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.

Preferred partner (What does this mean?)View Deal

Securing Chrome

The feature has been present in Edge since 2019. When users launch Edge with elevated permissions, the browser would display a warning and a recommendation to relaunch it without admin privileges.

“We append a command-line switch to prevent auto-relaunch if, for whatever reason, we re-launch into admin mode again,” the commit further reads. “We do not de-elevate Chrome when it’s running in automation mode so we don’t interfere with automation tools.” This feature also prevents potential infinite loops.

Being a window to the wider internet, the web browser is one of the most frequently targeted programs. It constantly handles untrusted data from countless sources, which is why cybercriminals are always looking for vulnerabilities – either in the code, in plugins, or in poorly secured websites. Compromising a browser can give threat actors access to sensitive information including login credentials, personal data, and more.

By taking away admin privileges from the browser, Microsoft disarms it, preventing threat actors from running malware or stealing personally identifiable information. Therefore, the Redmond giant advises all users not to launch their browsers with admin rights.

Via BleepingComputer