Microsoft is working on a new feature for Chromium-based web browsers that will protect you from accidentally launching the browser as an “administrator”.
Run as “administrator” or elevated permission function probably isn’t foreign to you. For those unaware, elevated permission allows you to launch a program and its processes with an administrator token, which enables access to sensitive features without additional permissions.
While elevated permission is necessary for some apps, it’s generally recommended to avoid running any browser process with elevated rights. This is because programs or files that you download using the browser will be executed with elevated permission (access to Windows files) and it could be abused for malware exploitation.
Microsoft Edge (Chromium) previously warned users when they launched the browser with elevated permission via a bubble dialog in the toolbar. However, this feature was removed after excessive user complaints.
“We actually tried just warning the user (in Edge) via a bubble dialog in the corner, but this was happening way more often then we thought it would due to cases where the browser is launched from an elevated program, like an installer, and we decided to remove the warning due to excessive user complaints,” Microsoft said.
Microsoft is now planning to automatically de-elevate Chrome, Edge or other browsers when launched as elevated.
To this, Microsoft will detect when the browser is running elevated in a scenario where executables can be run un-elevated. When detected, Microsoft wants to re-launch the browser through explorer.exe so the browser will run under the same user as the shell and de-elevation will take place.
“The goal of this change is to solve for a majority of users the problems they will run in to with an elevated browser since elevation should be unnecessary,” the company said.
Once this idea is implemented, Microsoft says your browser will not launch the downloaded programs as elevated and child processes will also not run as elevated. This will improve the security of the browser and fix an issue that results in empty tab contents.