Google Chrome即將變得更安全

此舉旨在通過瀏覽器停止高調攻擊，並在所有平台上加強用戶安全。

Google Chrome is set to get a little safer, especially on Windows, as it is adding a new security feature to Chrome that will automatically de-elevate the browser when it is launched with administrator privileges.

Google Chrome設置要變得更安全，尤其是在Windows上，因為它正在向Chrome添加一個新的安全功能，該功能將在瀏覽器啟動時自動將其刪除。

This move is aimed at stopping high-privilege attacks through the browser and strengthening user security across all platforms.

此舉旨在通過瀏覽器停止高調攻擊，並在所有平台上加強用戶安全。

The change, recently submitted via a Chromium code commit, builds on a similar mechanism introduced in Microsoft Edge back in 2019.

最近通過Chromium Code提交提交的更改基於2019年Microsoft Edge引入的類似機制。

Spotted in the wild on Social Media

在社交媒體上發現了野外

As spotted by Leo (@peva64) on X, the update is designed to improve system security by preventing Chrome from running in elevated mode unnecessarily. In other words, you will no longer be able to run Chrome as an “admin” user on Windows machines, unless absolutely necessary.

正如Leo（@peva64）在X上發現的那樣，該更新旨在通過防止Chrome不必要地以高架模式運行來提高系統安全性。換句話說，除非絕對必要，否則您將不再能夠在Windows計算機上作為“管理員”用戶運行Chrome。

Further, Chrome will now attempt to relaunch itself with standard user permissions when started with admin rights. If the first relaunch attempt fails, Chrome will fall back to the current behavior —running with elevated privileges — but only after ensuring it doesn’t get stuck in a relaunch loop.

此外，Chrome現在將嘗試在管理權權利時嘗試重新啟動標準用戶權限。如果第一次重新啟動的嘗試失敗，Chrome將恢復到當前的行為（具有升高的特權），但只有在確保它不會陷入重新啟動循環之後。

“Automatically de-elevate users launching chrome elevated. This CL is based on changes we’ve had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it’s run with the elevated part of a split / linked token,” Stefan Smolen working with the Microsoft Edge team and one of the key contributors to this update, wrote in a Chromium commit.

啟動Chrome的用戶會自動消除升高的用戶。此CL基於我們在Edge中發生的變化，大約在2019年，它試圖在瀏覽器中自動脫離瀏覽器，並以拆分 /鏈接的Token的高架部分運行，Stefan Smolen與Microsoft Edge Team一起工作的Stefan Smolen與此更新的Chrom合作，並與Microsoft Edge Team合作，並撰寫了Chrom的貢獻。

“This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin).”

“這會自動嘗試一次重新啟動，然後如果仍然失敗，它將落後於當前行為（試圖啟動管理員）。”

Microsoft has also introduced a command-line switch, “-do-not-de-elevate,” to stop Chrome from de-elevating after an automatic relaunch. This helps prevent potential infinite relaunch loops when the browser fails to start with standard privileges.

微軟還引入了一個命令行開關“ -do-not-de-ewervate”，以阻止Chrome自動重新啟動後去升值。當瀏覽器無法從標準特權開始時，這有助於防止潛在的無限重新啟動循環。

“Do not de-elevate the browser on launch. Used after de-elevating to prevent infinite loops,” reads a comment in the source code.

源代碼中的評論中寫道：“不要在啟動時解開瀏覽器。在除外以防止無限循環。”

However, this de-elevation won’t apply to Chrome processes launched with elevated rights in automation scenarios, ensuring compatibility with testing tools and scripts.

但是，這種脫離不適用於在自動化方案中啟動的鍍鉻流程，從而確保與測試工具和腳本的兼容性。

New Check Added

添加了新的檢查

To detect when elevated privileges aren’t needed, Chrome now uses a new check called (UserAccountIsUnnecessarilyElevated) that identifies situations where User Account Control (UAC) is enabled, yet the browser is still running with an elevated, linked token — prompting Chrome to relaunch with standard permissions.

為了檢測何時不需要提高特權，Chrome現在使用了一個新的檢查（用戶Accountisunnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnne decelede而言），該檢查可以識別啟用用戶帳戶控制（UAC）的情況，但是瀏覽器仍在使用高架的，鏈接的圖表運行，促使Chrome與標准允許相關。

Additionally, the RunDeElevatedNoWait function has been modified to accept the current working directory, which addresses issues where the default directory (typically system32), which previously led to unexpected or buggy behaviour in some scenarios.

此外，已修改了rundeelevednowait函數以接受當前的工作目錄，該目錄解決了默認目錄（通常是System32）的問題，該問題先前導致某些情況下導致意外或錯誤的行為。

With this initiative, the Chromium team warns about the security risks and compatibility issues that could arise from running with administrative rights. By defaulting to standard privileges, Chrome is looking to follow a safer, more user-friendly model, making the browser more robust in today’s increasingly complex digital landscape.

通過這項倡議，Chromium團隊警告說，憑藉行政權利運行可能引起的安全風險和兼容性問題。默認情況下，Chrome希望遵循一個更安全，更具用戶友好的模型，從而使瀏覽器在當今日益複雜的數字景觀中更加健壯。