Google removes Chrome admin privileges to reduce threat posed by dodgy extensions

8 hours ago 2

Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.

(Image credit: Tada Images / Shutterstock)

A Microsoft dev has submitted an update to Chromium
The update de-elevates Chrome, to run without admin privileges by default
This should prevent malicious add-ons and extensions from operating freely

Future versions of Chrome on Windows will most likely not run with admin privileges by default. That way, users should be better protected from suspicious extensions, risky websites, and other potentially malicious activities.

Earlier in May, a Principal Software Engineer at Microsoft, Stefan Smolen, submitted a commit to the Chromium source code, with which Chrome will automatically de-elevate when users try to launch it with elevated permissions.

“This CL is based on changes we've had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it's run with the elevated part of a split / linked token,” Smolen said in the commit. “This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin).”

Securing Chrome

The feature has been present in Edge since 2019. When users launch Edge with elevated permissions, the browser would display a warning and a recommendation to relaunch it without admin privileges.

"We append a command-line switch to prevent auto-relaunch if, for whatever reason, we re-launch into admin mode again,” the commit further reads. “We do not de-elevate Chrome when it's running in automation mode so we don't interfere with automation tools.” This feature also prevents potential infinite loops.

Being a window to the wider internet, the web browser is one of the most frequently targeted programs. It constantly handles untrusted data from countless sources, which is why cybercriminals are always looking for vulnerabilities - either in the code, in plugins, or in poorly secured websites. Compromising a browser can give threat actors access to sensitive information including login credentials, personal data, and more.

By taking away admin privileges from the browser, Microsoft disarms it, preventing threat actors from running malware or stealing personally identifiable information. Therefore, the Redmond giant advises all users not to launch their browsers with admin rights.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via BleepingComputer

Google Chrome update aims to supercharge your web browsing with three AI features
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article