Microsoft really doesn’t want you to run web browsers with elevated feature

Gandalf_The_Grey

Microsoft is working on a new feature for Chromium-based web browsers that will protect you from accidentally launching the browser as an “administrator”.

The Run as “administrator” or elevated permission function probably isn’t foreign to you. For those unaware, elevated permission allows you to launch a program and its processes with an administrator token, which enables access to sensitive features without additional permissions.

While elevated permission is necessary for some apps, it’s generally recommended to avoid running any browser process with elevated rights. This is because programs or files that you download using the browser will be executed with elevated permission (access to Windows files) and it could be abused for malware exploitation.

Microsoft Edge (Chromium) previously warned users when they launched the browser with elevated permission via a bubble dialog in the toolbar. However, this feature was removed after excessive user complaints.

“We actually tried just warning the user (in Edge) via a bubble dialog in the corner, but this was happening way more often than we thought it would due to cases where the browser is launched from an elevated program, like an installer, and we decided to remove the warning due to excessive user complaints,” Microsoft said.

Microsoft is now planning to automatically de-elevate Chrome, Edge or other browsers when launched as elevated.

To do this, Microsoft will detect when the browser is running elevated in a scenario where executables can be run un-elevated. When detected, Microsoft wants to re-launch the browser through explorer.exe so the browser will run under the same user as the shell and de-elevation will take place.

“The goal of this change is to solve for a majority of users the problems they will run into with an elevated browser since elevation should be unnecessary,” the company said.

Once this idea is implemented, Microsoft says your browser will not launch the downloaded programs as elevated and child processes will also not run as elevated. This will improve the security of the browser and fix an issue that results in empty tab contents.
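As an added example (not part of the original post and not Microsoft's or Chromium's code), this PowerShell check lists browser processes that are currently running with an elevated token, the condition the de-elevation change is meant to catch. The process names and the `TokenCheck` helper are assumptions made for the example; an elevation type of `Full` means the token came from a UAC prompt and a limited token exists for the same user, while `Default` on an elevated process means there is no split token (for instance, UAC is disabled).

```powershell
# Added example: report browser processes whose access token is elevated.
# TokenCheck is a hypothetical helper defined here via P/Invoke.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class TokenCheck {
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, out int info, int length, out int returned);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // Returns the 4-byte token value for infoClass, or -1 if it cannot be read.
    public static int Query(int pid, int infoClass) {
        IntPtr proc = OpenProcess(0x1000, false, pid);   // PROCESS_QUERY_LIMITED_INFORMATION
        if (proc == IntPtr.Zero) return -1;
        try {
            IntPtr tok;
            if (!OpenProcessToken(proc, 0x0008, out tok)) return -1;   // TOKEN_QUERY
            try {
                int value, len;
                return GetTokenInformation(tok, infoClass, out value, 4, out len) ? value : -1;
            } finally { CloseHandle(tok); }
        } finally { CloseHandle(proc); }
    }
}
'@
Add-Type -TypeDefinition $src

$browsers = 'chrome', 'msedge', 'brave', 'firefox'   # assumed process names
Get-Process -Name $browsers -ErrorAction SilentlyContinue | ForEach-Object {
    $elevated = [TokenCheck]::Query($_.Id, 20)   # TokenElevation
    $type     = [TokenCheck]::Query($_.Id, 18)   # TokenElevationType
    [pscustomobject]@{
        Name          = $_.ProcessName
        Id            = $_.Id
        Elevated      = ($elevated -eq 1)
        ElevationType = switch ($type) { 1 {'Default'} 2 {'Full'} 3 {'Limited'} default {'Unknown'} }
    }
} | Where-Object Elevated
```

An empty result means no listed browser process is elevated or its token could not be read from the current session; run the check from an administrative session to cover other users' processes.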
 

MonSpyder9

Are there any downsides when your browser is not in an elevated state? I usually just browse sites and read articles so maybe I don't need admin rights on the browser. I mean I never really thought much about this.
 

Minimalist

> I have never used the function either, so OK for me. :)

Same here. I don't remember when I last had to run it with elevated rights (Firefox or Chrome).

> Are there any downsides when your browser is not in an elevated state? I usually just browse sites and read articles so maybe I don't need admin rights on the browser. I mean I never really thought much about this.

Most of the time browsers are not run elevated. Maybe only during updates if you have update services disabled.
 
Local Host

A browser doesn't need to run with elevated privileges to do anything, even for updates it has workarounds in place to avoid permissions errors.

As stated by Microsoft, this is more a problem when triggering the browser from an elevated app, which will run the browser with elevated privileges, as if running in user space didn't cause enough issues.
 

Azure

> Are there any downsides when your browser is not in an elevated state? I usually just browse sites and read articles so maybe I don't need admin rights on the browser. I mean I never really thought much about this.

From my experience using a standard account to launch a browser, no downside whatsoever.
 
