- A Microsoft Dev submitted a chromium update
- The update de-relevant chrome, to be executed without default administration privileges
- This should prevent modules and malicious extensions from operating freely
Future versions of Chrome on Windows will probably not run with default administration privileges. In this way, users must be better protected against suspicious extensions, risky websites and other potentially malicious activities.
Earlier in May, a main software engineer at Microsoft, Stefan Smolen, submitted a commitment to the Chromium source code, with which Chrome automatically deserted when users try to launch it with high authorizations.
“This CL is based on changes that we have made in Edge, around 2019, which tries to automatically deactivate the browser when executed with the high part of a split / linked token,” said Smolen in the Commit. “It automatically tries a recovery once, then if it fails, it falls back to the current behavior (which tries to launch the administrator).”
Secure chrome
The functionality has been present in Edge since 2019. When users launch Edge with high authorizations, the browser would display a warning and a recommendation to relaunch it without administration privileges.
“We add a command switch to prevent automatic recovery if, for any reason, we again relaunch in administrator mode,” said the Commit. “We do not disintegrate chrome when he runs in automation mode, so we do not interfere with automation tools.” This feature also prevents infinite potential loops.
Being a wider internet window, the web browser is one of the most targeted programs. It constantly manages unreliable data from countless sources, which is why cybercriminals are always looking for vulnerabilities – either in code, in plugins or in poorly secure websites. The compromise of a browser can give the actors of the threat access to sensitive information, in particular connection identification information, personal data, etc.
By removing the administration of the browser, Microsoft disarms it, preventing threat actors from executing malware or stealing personally identifiable information. Therefore, the Redmond giant advises all users not to launch their browsers with administration rights.
Via Bleeping Compompute
