Microsoft aims to stop Chromium browsers from launching with elevated privileges

Microsoft’s recent Chromium commit suggests that the company is working to add a way to “de-elevate” browsers, meaning that it does not want users to launch the browser with elevated or administrative privileges owing to security concerns. The commit termed “Automatically de-elevate browser when launched as elevated” was submitted to Chromium Gerrit (spotted by WindowsLatest) and has had some interesting responses.

The Redmond firm argues that the browser’s ability to automatically switch out of elevated privileges and re-launch under normal user privileges will help it solve problems such as executables downloaded from elevated browsers running with admin privileges, leading to easy access to system files. The company says that browser elevation is “unnecessary” and can cause problems.

However, the idea was met with skepticism from Google engineers who suggested that the choice must be with users and that a prompt to let users know of the elevated browser could be a better idea. Microsoft says that it experimented with a “bubble dialog” warning in the corner, but noticed that the prompt was displayed “way more often” when the browser was launched from an installed or other elevated programs, which led to many user complaints.

Currently, the discussions between the engineers point towards working on a feature to automatically de-elevate downloads and executables run from a browser with elevated privileges. This will ensure that users will explicitly run installers or other programs with elevated privileges if required, and avoid letting the browser automatically run elevated programs.

Report a problem with article
Google Messages Neon Header Image
Next Article

RCS messaging is now available worldwide on Android

Previous Article

James Bond origin story game in development at Hitman studio IO Interactive

14 Comments - Add comment