Microsoft is working on a new feature to stop users accidentally launching their web browser with administrator or elevated permissions. The change should improve security for Chromium-based browsers, which include Google Chrome, Vivaldi, Opera and Microsoft’s own Edge browser.
Although there are legitimate reasons why an individual would want to operate their device with elevated permissions enabled – to launch a program, for example – running browser processes with elevated privileges is generally advised against. This is because any programs downloaded while such permissions are enabled will also have elevated rights – making them ideal for malware exploits.
Microsoft’s plan, as detailed within the Chromium Gerrit collaboration tool, is to automatically de-elevate a web browser whenever it is launched with elevated privileges. Hopefully, this will cut down on the number of software packages that are downloaded from the web that go on to wreak havoc. Crucially, any programs downloaded will not launch as elevated, nor will any child processes.
Safe, but annoying
In order to achieve its aim, Microsoft will detect when browsers are running with elevated permissions unnecessarily. The browser will then be re-launched through explorer.exe under the same user but with de-elevated rights. A command line switch will be used to prevent infinite re-launching when the de-elevated launch fails.
Originally, Microsoft Edge decided to simply warn users whenever a browser was launched with elevated permissions. A dialogue bubble popped up in the toolbar informing of a heightened security risk.
However, this feature was quickly disabled due to “excessive user complains.” Because everything takes place in the background, Microsoft’s latest idea should offer protection without causing annoyance.
Via Windows Latest