Google introduces an important change into the work of the Chromium browser, aimed at increasing the safety of Windows users. Now, if Chrome is launched with administrator rights, the system will automatically reduce its privileges to the level of a regular user.
A similar mechanism has already been implemented by Microsoft in the EDGE browser back in 2019. Initially, when starting EDGE with increased rights, a warning was displayed, offering to restart it without administrative privileges. Later, the company improved the approach – the launch of administrator rights became impossible by default. Now a similar function comes in Chrome thanks to the participation of Microsoft developers in the Chromium project.
According to the EDGE team, Stefan Smolen, to the source code Chromium the mechanism , which was detected by launching the launch of it. Chrome with administrative rights automatically restarts it in mode with reduced rights. If the attempt failed, the browser returns to the previous behavior – continues to work with the rights of the administrator.
In order to avoid focusing with repeated attempts to lower rights, a new command line parameter appeared in Chrome: “–do-not-de-Elevate.” It prevents a repeated attempt to lower privileges if the process has already passed through this procedure once.
It is worth noting that the new function is not used when starting Chrome in automated scenarios, for example, when using testing or management systems, where work with administrative rights may be necessary.
Nevertheless, Microsoft emphasizes that the launch of an administrator’s browser is a potentially dangerous practice. In this mode, everything that loads and starts through Chrome also receives increased privileges. This means that the malicious file accidentally opened by the user can immediately get full access to the system, which makes the attack much more dangerous and difficult to detect.
The new function is designed to reduce such risks and make work on the Internet safer, especially for users who unconsciously start a browser with excessive access rights.