Back in April 2019, Microsoft made Edge capable of detecting when a browsing session was running in Administrator mode. At the time, it would notify users to relaunch the browser in de-elevated mode. The feature was added in order to improve the security of its browser.
A few months later, in August 2019, Microsoft improved upon this by introducing a new "De-elevate browser on launch" flag for Edge, which enabled the browser to automatically relaunch without admin rights if it detected elevated privileges.
As good as this feature has been on Edge, a bit surprisingly perhaps, Google's own Chrome browser has been lacking this ability, despite the fact that Edge received the feature in its Chromium form.
Finally, though, de-elevated browser launch is coming to Google Chrome, too, thanks to Microsoft. Stefan Smolen, a Principal Software Engineer at Microsoft working on Microsoft Edge, added a new "Automatically de-elevate users launching Chrome elevated" code commit to Chromium Gerrit for Chrome recently.
It says:
This CL is based on changes we've had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it's run with the elevated part of a split / linked token.
This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin). We append a command-line switch to prevent auto-relaunch if, for whatever reason, we re-launch into admin mode again.
Thus, the flag, similar to the one on Edge we discussed above, for automatically relaunching a browser without elevation, is coming soon to Chrome as well. However, Smolen also notes that the new patch will not run on systems where Chrome is running in automation mode so as not to interfere with automation tools.
Interestingly, Stefan Smolen is the same engineer who first brought this change to Edge in 2019.
Source: Chromium Gerrit via Leopeva64 (X)
0 Comments - Add comment